HTTPS

We all benefit from the extraordinary variety of websites on the internet. Entertainment, information, inspiration, services, and more are available in seemingly endless supply. Unfortunately, not all websites are benign. Just like in the real world, there are shady businesspeople, criminals, and organized crime. For example, online banking users might be lured to a fake website so that their access information can be stolen. As another example, someone might install a public WLAN hotspot to secretly intercept communication taking place.

Initially, all data traffic on the World Wide Web was handled openly in plain text and could be easily hacked. The HTTP protocol deals with the communication between the client (i.e. the web browser) and the web server without encryption. This makes criminal activities such as spying on metadata and man-in-the-middle attacks easier.

HTTPS was developed to make the web more secure. Here you will learn what HTTPS is and how it works.

$1 Domain Names

Register great TLDs for less than $1 for the first year.

Why wait? Grab your favorite domain name today!

Matching email
SSL certificate
24/7/365 support

What is HTTPS?

HTTPS stands for “Hypertext Transfer Protocol Secure”. The transfer protocol is the language in which the web client – usually the browser – and the web server communicate with each other. HTTPS is the version of the transfer protocol that uses encrypted communication.

The purpose of HTTPS

HTTPS performs two functions:

It encrypts the communication between the web client and web server. This is intended to prevent an unauthorized third party from intercepting the communication, such as by monitoring WLAN network traffic.

The web server is authenticated by sending a certificate to the web client at the start of the communication. This certifies that the domain is trustworthy. This measure helps to combat scams coming from fake websites.

Difference between HTTP and HTTPS

How are HTTP and HTTPS different? The simple answer is that, technically speaking, they are not different at all. The protocol itself (i.e. the syntax) is identical between the two versions.

The difference is that HTTPS uses a particular transport protocol called SSL/TLS. It is not the protocol itself but rather the transfer method that is secured. This can be illustrated through the following analogy:

  • Two people are talking to each other over the phone.
  • They are using a shared language to communicate with each other, i.e. HTTP.
  • The telephone connection for their conversation in HTTP is unsecured. If they were to communicate using HTTPS, it would be more secure preventing anyone from listening in.

The following table summarizes the most important differences from the user’s perspective:

  HTTP HTTPS
Transfer Unencrypted Encrypted
Certificate No Yes
Port number 80 443
URL address http:// https://

All current web browsers warn the user if they are trying to access a website using the HTTP protocol.

Table with screenshots of the address bar for Chrome, Firefox, Opera, and Edge
Indication of the security standard used in the address bars for different browsers.

If you click on the icons on the left in the address bar, you will receive additional information:

Screenshot of the information box that appears after clicking on the icon
Clicking on the icon opens an information box.

Depending on the browser and security settings used, the software may refuse to open an unsecured website or display a warning instead of the website.

How does HTTPS work?

HTTP itself is not responsible for security. The underlying transport protocol is. So, what is the difference?

The HTTP protocol only controls how the content being exchanged between web clients and web servers must be structured. The transport protocol, on the other hand, controls how data streams are transferred between computers. For example, it ensures that no data packets are lost. The standard transfer protocol is called TCP (the Transmission Control Protocol). This is used by HTTP.

There is an extension to this transport protocol that encrypts data streams. This extension is called TLS (previously SSL). Any communication sent using this transport protocol is encrypted so that only the actual recipient (i.e. the web browser or web server) can read the transferred content.

If the URL given is preceded by https://, the web browser automatically adds the port number 443 to it. This number tells the receiving computer that it should communicate using TLS/SSL.

SSL certificates from IONOS

Protect your domain and gain visitors' trust with an SSL-encrypted website!

Easy activation
Proven safety
24/7 assistance

Why HTTPS encryption is important

The ability of hackers to spy on and manipulate websites is growing. It is, therefore, important to encrypt data streams – especially in publicly accessible networks, such as public Wi-Fi hotspots.

HTTPS is the new standard. Websites without HTTPS are now flagged or even blocked by current web browsers. What’s more, HTTPS probably has a positive effect on a website’s Google ranking, although Google has not yet explicitly confirmed this.

The European General Data Protection Regulation (GDPR) stipulates that websites must be kept up to date with the latest security standard – and that currently means HTTPS.

Tip

In our follow-up article, you will learn how to convert your website to HTTPS.

Related articles

What is cloud security? Risks and best practices

What is cloud security? Risks and best practices

  • Security

In today’s world, we increasingly rely on cloud services. At the same time, cloud storage is by no means free from security risks. The multicloud environments of larger companies, in particular, pose a challenge for cloud security. Here, we’ll discuss the biggest security risks as well as best practices for using cloud services safely.

What is cloud security? Risks and best practices
HSTS

HSTS

  • Web development

HTTPS, the network protocol for TLS-encrypted data transfer online can be circumvented in some cases. The danger is that encrypted websites can be accessed via unencrypted HTTP. But the HTTPS extension HSTS (HTTP Strict Transport Security) forces website access via TLS encryption, closing the security gaps that hackers like to use to intercept the HTTPS connection during transport using…

HSTS
Secure network connections with IPsec

Secure network connections with IPsec

  • Know-how

A big problem with the previous Internet Protocol version, IPv4, was the missing guarantee of security standards of integrity, authenticity, and confidentiality. This previous protocol lacked the necessary means to identify data sources or enable secure transport. The protocol suite IPsec, developed for IPv4’s successor, IPv6, has changed the situation for Internet Protocol overnight.

Secure network connections with IPsec
What is HTTP?Titima OngkantongShutterstock

What is HTTP?

  • Technical matters

Every web address begins with the letters HTTP. But what does HTTP mean? And why is it important? We’ll show you what you need to know about the Hypertext Transfer Protocol, one of the oldest and most important internet protocols that is required for your web browser to communicate with the web server. So, how exactly does it work?

What is HTTP?
HTTP/3: the next Hypertext Transfer Protocol explained simply

HTTP/3: the next Hypertext Transfer Protocol explained simply

  • Technical matters

The plan is for HTTP/3 to soon replace its predecessor HTTP/2 as the new HTTP standard. HTTP/3 combines the properties of HTTP/2 and QUIC, and should make data transfer between clients and servers significantly faster. We will explain why the IETF is already introducing a new version four years after the HTTP/2 standard and what HTTP/3 can do.

HTTP/3: the next Hypertext Transfer Protocol explained simply
We use cookies on our website to provide you with the best possible user experience. By continuing to use our website or services, you agree to their use. More Information.