What is the difference between HTTP and HTTPS?
Read time: 6 minutes
https://www.google.com or http://www.fakewebsite.com.
What is HTTP?
What is HTTPS?
Comparing HTTP and HTTPS
- HTTP is insecure, whereas HTTPS is secure
As we talked about in the HTTPS section, HTTPS is extremely secure because of its use of asymmetric encryption for data transferred over the network. Additionally, it requires that both itself and the requestor have a valid TLS/SSL certificate to identify each user and authenticate the messages sent by the user. HTTP, on the other hand, sends messages unencrypted to the requestor. This means attacks such as Man in the Middle Attacks will be successful, allowing the man in the middle to take the information transferred to the server, which could include credit card information or other Personally Identifiable Information (PII).
- Data sent via ports
With HTTP, data is sent via port 80, which allows unencrypted data to be sent to requestors. HTTPS instead uses port 443, which allows encrypted communications to occur.
- OSI Layers and URLS
One final difference between HTTP and HTTPS is the OSI layer they work in and how URLs are structured. The Open Systems Interconnection (OSI) model is a model that shows the seven different layers that computers communicate through.
The seven layers are:
- The Application Layer
- The Presentation Layer
- The Session Layer
- The Transport Layer
- The Network Layer
- The Data Link Layer
- The Physical Layer
HTTP works in the Application Layer, and HTTPS works in the Transport Layer.
URLs with HTTP start with http:// and have an unlocked padlock on the search bar next to the URL. Because it is secure, HTTPS URLs have a locked padlock next to the URL and start with https://.