The internet has become an integral part of our lives, and we use it to access a vast amount of information on a daily basis. When we browse the web, we are using a protocol called Hypertext Transfer Protocol (HTTP), which is responsible for transmitting data between web servers and browsers.
However, standard HTTP is vulnerable to hackers who can intercept and read the data being transmitted. To combat this issue, a more secure version of HTTP called HTTPS was developed, which encrypts the data being transmitted to ensure that it is unreadable to anyone who might intercept it.
In this quick take, we will discuss HTTP, HTTPS, and the protocols used to secure internet communications.
HTTP / HTTPS
HTTP (Hypertext Transfer Protocol) is the most widely used protocol for accessing web pages on the internet. All the information transmitted via HTTP is sent in clear text, which makes it vulnerable to hackers who can intercept and read the information.
This is particularly risky when personal sensitive information such as passwords, credit card numbers, and addresses are exchanged.
Secure HTTP (HTTPS), on the other hand, encrypts the data being transferred between computers and servers. HTTPS scrambles the data using encryption algorithms, making it impossible for hackers to read.
To indicate that a website is secure, an ‘S’ is added to the HTTP in the web address. In addition, web browsers show a padlock symbol in the address bar to indicate that secure HTTP is being used.
SSL / TLS
Secure HTTP can use one of two protocols: SSL (Secure Sockets Layer) or TLS (Transport Layer Security). SSL uses public key encryption to secure data.
When a computer connects to a website using SSL, the web server sends the computer a copy of its SSL certificate, which is a small digital certificate that authenticates the identity of a website. The computer’s browser checks to ensure that it trusts the certificate, and if it does, encrypted data can be exchanged between the computer and the web server.
TLS, on the other hand, is the latest industry-standard cryptographic protocol and is the successor to SSL. Like SSL, TLS authenticates the server and client and encrypts the data.
Many websites are now using secure HTTP by default, regardless of whether sensitive data is being exchanged or not, because Google flags websites as “not secure” if they are not SSL protected.
Websites that are not SSL protected are penalized in Google’s search rankings.
HTTPS: Encryption, Authentication, and Security
In summary, HTTP is the protocol used for accessing web pages on the internet, but it is not secure. Secure HTTP (HTTPS) encrypts the data being transferred between computers and servers, making it impossible for hackers to read.
Secure HTTP can use one of two protocols: SSL or TLS. Many websites are now using secure HTTP by default due to Google’s policy of flagging websites as “not secure” if they are not SSL protected.