EASY UNDERSTANDING OF WEB PROTOCOLS – ‘HTTP & HTTPS’
What is ‘http’ ?
Http is a short abbreviation of hypertext transfer protocol. Http offers set of rules and standards which govern how any information can be transmitted on the world wide web . Http provides standard rules for web browser and server to communicate. Http is an application layer network protocol which is built on top of TCP. Http uses hypertext structured text which established the logical link between nodes containing text. It is also known as ‘stateless protocol’ as each command is executed separately , without using reference of previous run command .
What is https stand for ?
Https is a short abbreviation of hyper text transfer protocol secure. It is highly advanced and secure version of http. It uses the port no. 443 for data communication . it allows the secure transaction by encrypting the entire communication with SSL . It is a combination of SSL/TLS protocol and HTTP. It provides encrypted and secure identification of a network server. Https also allows you to create a secure encrypted connection between the server and the browser. It offers the bi- directional security of data. This helps you to protect potentially sensitive information from being stolen.
Come to advantages of http ?
- Http can be implemented with other protocol on the internet, or on other networks
- Http pages are stored on computer and internet caches, so it is quickly accessible
- Platform independent which allows cross platform porting
- Does not need any Runtime support
- Usable over Firewalls. Global applications are possible.
- Not connection oriented, so no network overhead to create and maintain session state and information
Advantage of https ?
- In most cases, sites running over https will have a redirect in place. Therefore even if you type in http:/ it will redirect to an https over a secured connection.
- It allows users to perform secure e- commerce transaction, such as online banking
- SSL technology protects any users and builds trust
- Any independence authority verifies the identity of the certificate owner. So each SSL certificate contain unique, authenticated information about the certificated owner.
Lets move to the limitations of http ?
- There is no privacy as anyone can see content
- Data integrity is a big issue as someone can alter the content. That’s why http protocol is an insecure method as no encryption methods are used
- Not clear who you are talking about. Anyone who intercepts the request can get the username and password.
Limitations of https ?
- Https protocol can’t stop stealing confidential information from the page cached on the browser
- SSL data can be encrypted only during transmission on the network. So it can’t clear the text in the browser memory
- Https can increase computational overhead as well as network overhead of the organisation.
Difference between http and https?
|http||It is hypertext transfer protocol|
|https||It is hypertext transfer protocol with secure|
|http||It is less secure as the data can be vulnerable to hackers|
|https||It is designed to prevent hackers from accessing critical information. It is secure against such attacks|
|http||It uses port 80 by default|
|https||it was use port 443 by default|
|http||HTTP URLs begin with http://|
|https||HTTPS URLs begin with https://|
|http||It’s a good fit for website designed for information consumption like blogs|
|https||If the website needs to collect the private information such as credit card number, then it is a more secured protocol|
|http||http does not scramble the data to be transmitted . that’s why there is a higher chance that transmitted information is available to hackers|
|https||https scramble the data before transmission . At the receiver end , it descrambles to recover the original data. Therefore the transmitted information is secure which can’t be hacked|
|http||It operates at TCP/IP level|
|https||https does not have any separate protocol. It operates using http nut uses encrypted TLS/SSL connection.|
|Parameter||Domain name validation|
|http||http website do not need SSL|
|https||https requires SSL certificate|
|http||http website doesn’t use encryption|
|https||https website use data encryption|
|Http||http does not improve search ranking|
|https||Https help to improve search ranking|
|https||Slower than http|
|http||Vulnerable to hackers|
|https||It is highly secure as the data is encrypted before it is seen across a network.|
Types of SSL /TLS certificate used with HTTPS ?
Domain validation: domain validation validates that the person who applies for a certificate is an owner of the domain name. This type of validation generally takes a few minutes up to a few hours.
Organization validation: the certification authority not only validate the domain’s ownership but also owners identify .it means that an owner might be asked to provide their identity.
Extended validation: extended validation is a top most level of validation . It includes validation of domain ownership , owner identity as well as registration proof of business.
What happen when a request for a website URL is made which is on HTTP protocol ?
As the first step , it is the job of http to find out the server and once the communication route is established the server sends a text to the browser . This text could either be in its pure form or encrypted from which is then rendered by the browser or used for whatever purpose it has to be used.
Https sounds great. What else should you know about it ?
- HTTPS request take more time to process
- Because it needs more time to process , it needs more hardware – the server that you are utilizing . this also means additional cost
whereas , for http you use lesser energy as compared to https as the communication happens faster. However, I will not refer to it as a limitation for https. It is highly subjective and personal, I consider it a very low cost that we pay to ensure our privacy. The idea of building a secure web has been around for a while . Building a secure web as an agenda is being driven by likes of Google, Facebook and so forth as I had mentioned this is primarily because of the following two reasons-
- User data and user privacy: using https ensure that you as a developer care value user data, user’s privacy, and its security.
- Protecting your data : as a developer ,we would never want to give away our critical data to malicious participants.
SEO advantages of switching to https ?
It is clear that https offers security, so it is definitely the choice to put you in Google’s good graces. There are also some additional SEO benefits for you to consider.
Here’s why you should use https for your entire site:
- Increased ranking: the obvious one. As stated ,Google has confirmed the slight ranking boost of HTTPS sites. Like most ranking signals, it is very hard to isolate on its own, but this is still something to keep in mind . On the plus side, the value of switching of HTTPS is very likely to increase over time.
- Referrer data : when traffic passes to an HTTPS site, the secure referral information is preserved . this is unlike what happen when traffic passes through an HTTP site, and it is stripped away and looks as though it is ‘direct’
- Security and privacy: https adds security for your SEO goals and website in several ways:
- It verifies that the website is the one the server it is supposed to be talking to
- It prevents tampering by third parties
- It makes your site more secure for visitors
- It encrypts all communication, including URLs which protects things like browsing history and credit card number.
The clear conclusion here is that switching to HTTPS will help you stay in good graces with Google. Along with all of the SEO benefits we discussed https is a far more secure system for your website to operate. Security your site and your users is the most important aspect of making the switch from HTTP and HTTPS. HTTPS is not only good for secure but also for referrer data and other SEO strategies. When looking at the issue holistically and considering the future of what Google is likely to do with HTTPS, I recommend switching over to HTTPS ,to keep up with Google.