If you are thinking of developing a website, it is important to inform yourself about all aspects before making concrete decisions. If, on the other hand, you already have a website and you are concerned about it giving its users the best experience, you may need some advice.
One of the most important aspects when it comes to websites is the protocols. You can find here information about the https and http protocols, without which a website cannot exist.
1. What does https mean?
Anyone who has ever wondered what https actually means, a common abbreviation in the age of technology. Here you can find information about the https protocol, what it means, where and how it is used.
What is the https protocol
HTTPS stands for Hypertext Transfer Protocol Secure. HTTPS is a communication protocol, a set of rules for information to be transmitted.
The letter “S” at the end means that the site is secure (Secure), which is indicated by some browsers by displaying a small lock in the address bar. The data transmitted from the server to the client’s browser is encrypted, using a TLS (Transport Layer Security) encryption protocol, formerly known as SSL (Secure Sockets Layer).
HTTPS URLs start with “https://” and use port 443 by default.
Where and how the https protocol is used
Through the HTTPS protocol, the connection is made between the domain entered by the user in the browser and the server on which that domain is located. Therefore, HTTPS is a request-response protocol between a client and a server.
The exchange of information between the user and the server is encrypted with the help of encryption keys. HTTPS makes multiple checks so that the user interacts only with the desired server, so that the entered data cannot be intercepted by a third party.
The https protocol is most useful in the following situations:
- Secure online payments
- Login
- Securing accounts and personal data
- Hiding the identity of users
- Securing activity on the site
- Ensuring data integrity
2. What does http mean?
Learn about http here: what http means and how the http protocol works in relation to the browser, as well as the most used http methods.
What is the http protocol
HTTP is the abbreviation for Hypertext Transfer Protocol. Like HTTPS, HTTP is a protocol (set of rules/instructions) for application-level communication. It is the default protocol of WWW (World Wide Web) servers). This means that if the protocol part is not visible in a URL, it is http.
Due to its simplicity, the server-browser connection is very fast.
HTTP URLs begin with “http://” and use port 80 as the default port.
The first version, HTTP/0.9, was designed by Tim Berners-Lee and his collaborators, and had many shortcomings. Later versions HTTP/1.0 and HTTP/1.1 appeared. The last 2 versions are currently in use.
The HTTP protocol and the browser
The HTTP protocol is a text-based protocol that contains some rules by which web pages can be transmitted from a server to a user. When a web address is entered in the browser, the host (server) is asked to display the respective web page.
This is done through the following steps:
The DNS protocol converts the address entered by the user into an IP address
The TCP protocol transfers the IP address on port 80, the standard port of the HTTP protocol
The HTTP protocol tells the server how to deliver what was requested
The server’s response follows, which will transmit the requested information (HTML pages, scripts, etc.).
The exchange of information works in a similar way in the case of the HTTPS protocol, the difference being that the IP address will be transferred on port 443.
HTTP methods
The HTTP protocol comes with a multitude of methods, also called verbs, each with a different purpose. A server can be configured to support combinations of methods. These HTTP methods generally fall into 2 categories: secure methods (do not change server state) and unsafe methods (change server state).
The most used HTTP methods are the following:
GET: The most used method, being used to request data from a resource
PUT: the opposite of the GET method, it is used to transmit data to a resource
DELETE: The opposite of the PUT method, used to delete information
HEAD: asks to return only the page header, without the rest of the content
POST: send input data
TRACE: New method in HTTP/1.1, typically used to get more information about the path followed by the HTTP connection
CONNECT: method generally used by intermediate servers
OPTIONS: method used to query the HTTP methods the server supports
According to the aforementioned classification, GET and HEAD are secure HTTP methods, while POST, PUT and DELETE are unsafe HTTP methods.
An important note is that GET requests remain in the browser’s history and cache, while POST requests do not.
3. Differences between https protocol and http protocol
Although they have the same utility, namely data transfer, the https and http protocol are different in some aspects. You can find here the main differences between the https protocol and the http protocol, as well as some risks you expose your site to if you don’t use the https protocol.
Main differences between https and http
HTTPS is an extension of HTTP. The HTTPS protocol was developed out of the need for security. Basically, HTTPS is not a separate protocol, but the HTTP protocol integrated into a secure connection (SSL/TLS). Unlike HTTP, HTTPS resists the vast majority of attacks if properly integrated.
The HTTPS protocol is currently more widely used than the HTTP protocol.
There is also a small difference in terms of processing time. In the case of the HTTPS protocol, the server and the browser must exchange encryption keys using certificates (TLS/SSL), so the processing time will be higher than in the case of HTTP. This aspect, however, will be almost imperceptible to the user, as it takes very short times (the average loading speed of a site is 1-3 seconds).
Google announced in 2014 that sites that have an SSL certificate (so they use the HTTPS protocol) will appear higher in the search results pages than HTTP ones. Therefore, if you have a website and use a web hosting service that also adopts an SSL certificate, to increase your chances of appearing in front of the competition in search engines. Also, some browsers warn the user with the message “Not Secure” in the case of an HTTP page, which will cause many to leave the site. The SSL certificate thus becomes necessary if you want to keep your customers and give them the best possible experience.
What do you risk if you don’t use the https protocol?
In the case of HTTP, the information is divided into data packets. These packets can be easily intercepted if your computer is connected to a public Wi-Fi network. On the other hand, if the HTTPS protocol is used, if these packets reach the hands of hackers, they will be useless, because they will not contain the raw information, but an encoded information.
Also, in the case of sites without HTTPS, it is possible for some intermediaries to modify the content and insert unwanted advertisements on the site without the approval of the site owner.
Another risk occurs when not all resources on your website are secured with the https protocol. The consequence is that the entire site will be blocked. If you already own a site, hosted for example by a virtual server, it is important to know about the existence of “Mixed Content Issues” errors. If the site has mixed content (the page is secured https but certain parts such as some images, links or scripts have an http protocol) it will not be able to be accessed. Therefore, if you decide to use the https protocol, it must be used for all resources.
It is absolutely necessary to implement an SSL certificate if you are the owner of an online store. This way you ensure that the data entered by your customers (addresses, credit cards, etc.) are not stolen when they place orders. Also, all pages that collect passwords must be secured with an https protocol.
4. https and SSL certificate
HTTPS is also a method of server authentication through digital certificates. These certificates contain data that the browser requests from the server to begin the encrypted transfer of information. Thus, it is certain that the browser will communicate only with the desired server.
Many web hosting sites offer SSL certificates to their customers.
The Secure Sockets Layer certificate was created in 1994, and is a file with a set of instructions that encrypts the server-browser connection. Later it was renamed, today it is also known as TLS (Transport Layer Security). An SSL certificate eliminates the possibility for a third party to intercept users’ personal data and their activity on that site.
This security method is asymmetric and uses 2 keys to encrypt communication:
Private key – it is controlled only by the owner of the site, it is on the server and it is used to decode the information encrypted with the help of the public key; the private key is also called the decryption key
Public key – can be used by anyone who wants to encrypt a message that can only be decrypted with the private key; the public key is also called the encryption key
There are free and paid SSL certificates. In the case of paid variants, the company that issues the certificate will compensate the client if someone breaks the encryption algorithm and manages to steal or modify the data.
In recent years data security has become a very hot topic, becoming a priority if personal or sensitive data is involved. In this context, the https protocol is almost mandatory. The advice of the specialists is that all sites should resort to this option and choose an SSL certificate according to their needs. In the end, however, the choice belongs to the site owner.