HTTP, HTTPS and SSL Explained (Updated 2019)

Browsing the Internet, you might have noticed that the URLs of websites you visit sometimes start with ‘http://’ and others with ‘https://’. Your Internet browser also marks websites using HTTP as insecure. In this article let us compare HTTP and HTTPS and find what all the fuss is about!

What is HTTP?

Example URL

HTTP stands for Hypertext Transfer Protocol. It is the most important protocol responsible for the transfer of data on the Internet, for example, transfer of data between your computer and the server where the website is hosted. When you visit a website, your browser fetches resources like HTML documents, scripts, etc over the HTTP protocol.

Protocols are a system of rules with which communication is carried out between the browser and the website you are connected to. The most common schemes are HTTP, HTTPS and FTP.

What is HTTPS?

HTTP Secure is nothing but a secure version of HTTP. Here, the data transfer between the browser and the website are encrypted making the transfer of sensitive information over the Internet safer and less likely to be misused by hackers tapping into the communication.

Related: What is Cross-Site Scripting (XSS) Attack?

Think of it like encoding a message before posting it to your friend. Only your friend knows how to decode the message and anyone who tries to read the message on the way will only find a bunch of gibberish.

HTTP vs HTTPS illustration

Is Your Website Still Serving Over HTTP?

If your website is still using HTTP, now is the time to implement HTTPS. It anonymizes the data that is exchanged between your website and its users and helps your website rank higher on Google Search. Using HTTPS boosts your SEO ranking as you’re conforming to best practices and making the web more secure. In order to make your website serve over HTTPS, you will have to install SSL certificates.

Related: What is a Phishing Attack & How To Protect Yourself?

What is SSL?

Illustration Showing How SSL Works

SSL or Secure Sockets Layer is the standard technology which establishes an encrypted link between a web server and a browser. A website needs to install an SSL Certificate obtained from a Certification Authority (CA) recognized globally. A few examples would be Comodo, Symantec and Let’s Encrypt.

Are SSL Certificates Available For Free?

Yes! But they weren’t always so. One had to purchase an SSL certificate from the CA and keep paying an annual fee to renew the certificate. High-security websites like the ones used by banks and e-commerce websites pay big bucks to ensure maximum security.

Related: Can We Not Forward Everything?

But it wasn’t reasonable for lower security websites like blogs, company or business websites to pay the same amount of money annually for renewing the SSL certificates. For such websites, there are options like Let’s Encrypt, a free CA, recognized globally.

Check with your domain/hosting provider if they support Let’s Encrypt. If not, you can still install a free certificate by yourself. Free SSL certificates are valid for a maximum of 90 days after which they expire. You’ll have to renew it every three months in order to keep serving your website over HTTPS.

If you need an SSL certificate for your website, you can contact us via email – ravelix410@gmail.com for a quote.