HTTP VS HTTPS

In the evergrowing world of Internet users and all the business transactions happening over Internet, it becomes imperative for Internet users to understand how secure Web sites work and how are HTTP and HTTPS protocols placed in this scenario. People often ask how they can shop on a Web site, giving out personal information, and feel even remotely safe. After all, we’re sending confidential data over unsecured Web world. Hence, let’s understand the web related terms and how both HTTPS and HTTP protocols differ in functionality and scope.

HTTP

Hypertext Transfer Protocol (HTTP) is a protocol used in networking especially in client server communication over Internet and Intranet. When a user types a web address in web browser, browser acts as a client, and the computer having the requested information acts as a server. The request sent from client uses HTTP protocol to do so. The server responds back to the client after the request completes. The response comes in the form of web page which user can see just after typing the web address and press “Enter”.

• All communications sent over regular HTTP connections are in ‘plain text’ and can be read by any hacker that manages to break into the connection between your browser and the website. This presents a clear danger if the ‘communication’ is form to give credit card of account details like password or OTP.

• The HyperText Transfer Protocol is an application layer protocol, which means it focuses on how information is presented to the user of the computer but doesn’t care a whit about how data gets from Source A to Destination B. It is stateless, which means it doesn’t attempt to remember anything about the previous Web session. This is great because there is less data to send, and that means speed. And HTTP operates on Transmission Control Protocol (TCP) Port 80 by default, meaning your computer must send and receive data through this port to use HTTP.

HTTPS

Hyper Text Transfer Protocol Secure (HTTPS) is the secure version of HTTP, the protocol over which data is sent between your browser and the website that you are connected to. The ‘S’ at the end of HTTPS stands for ‘Secure’. It means all communications between your browser and the website are encrypted. HTTPS is often used to protect highly confidential online transactions like online banking and online shopping order forms.

When you request a HTTPS connection to a webpage, the website will initially send its SSL certificate to your browser. This certificate contains the public key needed to begin the secure session. Based on this initial exchange, your browser and the website then initiate the ‘SSL handshake’. The SSL handshake involves the generation of shared secrets to establish a uniquely secure connection between yourself and the website.

• When a trusted SSL Digital Certificate is used during a HTTPS connection, users will see a padlock icon in the browser address bar. When a Validation Certificate is installed on a web site, the address bar will turn green.

• With a HTTPS connection, all communications are securely encrypted. This means that even if somebody managed to break into the connection, they would not be able decrypt any of the data which passes between you and the website.

The major benefits of a HTTPS are –

• Customer information, like credit card numbers, is encrypted and cannot be intercepted

• Visitors can verify you as registered entity and own domain.

• More trust for customer with HTTPS communication protocol.