When you visit a website, you’ve seen the “HTTP” or “HTTPS” protocol prefix at the beginning of the website address you entered. But what exactly do those letters mean?
Generally speaking, HTTP stands for Hypertext Transfer Protocol and HTTPS stands for Hypertext Transfer Protocol Secure. Naturally, the difference lies beyond these two acronyms.
How Does This affect my Site?
Google’s goal is to move towards a more secure internet and offer users a safe experience.
As of July 2018, the Chrome browser marks HTTP sites as “not secure”.
Even if you do not use Chrome plenty of others do – it is the most widely used browser. Other browsers like Edge and Firefox also designate HTTP sites as not secure but are still using the less obvious method where you have to click on the info circle.
What is HTTP?
The HTTP protocol is a procedural system that sends requests and receives responses from a server that connects your web browser to the internet. In other words, the information you send from your web browser to the internet, over this protocol, is transmitted via plain text. Which means, anyone, trying to intercept the connection between the two, can do so without difficulty, and see precisely, what you were viewing and sending to the website.
So, if you are entering personally identifiable information into a web page, such as your name, email, residential address, telephone number, credit card info, or social security number, you run the risk of having your information exposed over the internet. Even more dangerous, becoming a victim of identity theft.
What Happens When “S” is Added?
While HTTPS follows the same protocol as HTTP, the difference lies in the letter “S,” aka, HTTP Secure.
The implication here is that everything you send from your web browser to the internet is encrypted before being transmitted and cannot be read by hackers should they hijack your connection. In this case, your data is incomprehensible and unusable by anyone until it reaches its destination.
How Does HTTPS Work?
OK, the breakdown can get technical very quickly, so let’s try to keep this simple and to the point.
What’s important to understand about HTTPS, is that, even though it follows the same protocol as HTTP, the two are separate and distinct communications that operate on two different ports. Both focus on how data is displayed to the user, but neither is concerned with how that data moves from one location to the other.
HTTP is an application layer protocol, which defines how clients and servers on different systems communicate with one another. It runs on Transmission Control Protocol (TCP) Port 80, and all the information you send and receive from your computer must go through this port.
While HTTPS functions the same way, there are a few distinctions. It operates on TCP Port 443 and utilizes two additional protocols to protect and encrypt your information as it travels safely from your computer to the web server: Secure Socket Layers (SSL) and Transport Layer Security (TLS).
Just to note, TLS is a more updated and secure version of SSL. Although, many sellers prefer the more commonly used term SSL. In some cases, when you purchase an SSL certificate, you may be getting the latest version of TLS. Nonetheless, they are both digital certificates that encrypt your data.
Why You Should Upgrade
If you are running an online business and collect personally identifiable information – as mentioned earlier – it is imperative you install HTTPS. Without it, you are potentially compromising your visitors’ and customers’ data, and risking the success of your business.
If you operate a blog and collect email addresses from visitors it is still a good idea.
The last thing you want is to be liable for having exposed your visitor’s data. So, it is essential you protect it at all costs.
HTTPS provides various layers of protection for your website such as:
- Encryption
- Data Integrity
- Authentication
Additionally, an increase in the speed of your site, higher rankings, and added security are worth upgrading to the HTTPS protocol.
Here are a few stats from the Google blog:
- Over 68% of Chrome traffic on both Android and Windows is now protected
- Over 78% of Chrome traffic on both Chrome OS and Mac is now protected
- 81 of the top 100 sites on the web use HTTPS by default
You can upgrade to HTTPS yourself by contacting your web host. If you have questions or aren’t clear on why you should upgrade please contact us.