We all benefit from the extraordinary variety of websites on the internet. Entertainment, information, inspiration, services, and more are available in seemingly endless supply. Unfortunately, not all websites are benign. Just like in the real world, there are shady businesspeople, criminals, and organized crime. For example, online banking users might be lured to a fake website so that their access information can be stolen. As another example, someone might install a public WLAN hotspot to secretly intercept communication taking place.
Initially, all data traffic on the World Wide Web was handled openly in plain text and could be easily hacked. The HTTP protocol deals with the communication between the client (i.e. the web browser) and the web server without encryption. This makes criminal activities such as spying on metadata and man-in-the-middle attacks easier.
HTTPS was developed to make the web more secure. Here you will learn what HTTPS is and how it works.
$1 Domain Names
Register great TLDs for less than $1 for the first year.
Why wait? Grab your favorite domain name today!
Matching emailSSL certificate24/7/365 supportHTTPS stands for “Hypertext Transfer Protocol Secure”. The transfer protocol is the language in which the web client – usually the browser – and the web server communicate with each other. HTTPS is the version of the transfer protocol that uses encrypted communication.
HTTPS performs two functions:
It encrypts the communication between the web client and web server. This is intended to prevent an unauthorized third party from intercepting the communication, such as by monitoring WLAN network traffic.
The web server is authenticated by sending a certificate to the web client at the start of the communication. This certifies that the domain is trustworthy. This measure helps to combat scams coming from fake websites.
How are HTTP and HTTPS different? The simple answer is that, technically speaking, they are not different at all. The protocol itself (i.e. the syntax) is identical between the two versions.
The difference is that HTTPS uses a particular transport protocol called SSL/TLS. It is not the protocol itself but rather the transfer method that is secured. This can be illustrated through the following analogy:
The following table summarizes the most important differences from the user’s perspective:
| HTTP | HTTPS | |
|---|---|---|
| Transfer | Unencrypted | Encrypted |
| Certificate | No | Yes |
| Port number | 80 | 443 |
| URL address | http:// | https:// |
All current web browsers warn the user if they are trying to access a website using the HTTP protocol.
If you click on the icons on the left in the address bar, you will receive additional information:
Depending on the browser and security settings used, the software may refuse to open an unsecured website or display a warning instead of the website.
HTTP itself is not responsible for security. The underlying transport protocol is. So, what is the difference?
The HTTP protocol only controls how the content being exchanged between web clients and web servers must be structured. The transport protocol, on the other hand, controls how data streams are transferred between computers. For example, it ensures that no data packets are lost. The standard transfer protocol is called TCP (the Transmission Control Protocol). This is used by HTTP.
There is an extension to this transport protocol that encrypts data streams. This extension is called TLS (previously SSL). Any communication sent using this transport protocol is encrypted so that only the actual recipient (i.e. the web browser or web server) can read the transferred content.
If the URL given is preceded by https://, the web browser automatically adds the port number 443 to it. This number tells the receiving computer that it should communicate using TLS/SSL.
SSL certificates from IONOS
Protect your domain and gain visitors' trust with an SSL-encrypted website!
Easy activationProven safety24/7 assistanceThe ability of hackers to spy on and manipulate websites is growing. It is, therefore, important to encrypt data streams – especially in publicly accessible networks, such as public Wi-Fi hotspots.
HTTPS is the new standard. Websites without HTTPS are now flagged or even blocked by current web browsers. What’s more, HTTPS probably has a positive effect on a website’s Google ranking, although Google has not yet explicitly confirmed this.
The European General Data Protection Regulation (GDPR) stipulates that websites must be kept up to date with the latest security standard – and that currently means HTTPS.
In our follow-up article, you will learn how to convert your website to HTTPS.
A big problem with the previous Internet Protocol version, IPv4, was the missing guarantee of security standards of integrity, authenticity, and confidentiality. This previous protocol lacked the necessary means to identify data sources or enable secure transport. The protocol suite IPsec, developed for IPv4’s successor, IPv6, has changed the situation for Internet Protocol overnight.
HTTPS, the network protocol for TLS-encrypted data transfer online can be circumvented in some cases. The danger is that encrypted websites can be accessed via unencrypted HTTP. But the HTTPS extension HSTS (HTTP Strict Transport Security) forces website access via TLS encryption, closing the security gaps that hackers like to use to intercept the HTTPS connection during transport using...
In the digital age, we are increasingly resorting to cloud services: At work, people collaborate on projects together in the cloud, and in their free time, they share photos from their last vacation. At the same time, cloud storage is by no means free from security risks. The multi-cloud environments of larger companies, in particular, are becoming a challenge for cloud security. Here, we will...
Every web address begins with the letters HTTP. But what does HTTP mean? And why is it important? We’ll show you what you need to know about the Hypertext Transfer Protocol, one of the oldest and most important internet protocols that is required for your web browser to communicate with the web server. So, how exactly does it work?
The plan is for HTTP/3 to soon replace its predecessor HTTP/2 as the new HTTP standard. HTTP/3 combines the properties of HTTP/2 and QUIC, and should make data transfer between clients and servers significantly faster. We will explain why the IETF is already introducing a new version four years after the HTTP/2 standard and what HTTP/3 can do.
Provide powerful and reliable service to your clients with a web hosting package from IONOS.
View packages
