HTTP vs HTTPS

Whenever you visit a website you might have observed HTTP or HTTPS at the starting of the page address.

Before we explore what are these two, let’s have a look at what we call a ‘protocol’.
In general, a protocol is a set of rules defined to carry out a specific process. For example, we humans use a specific language to communicate with each other. If I speak in Hindi and you understand it, that language can be considered as the protocol for communication between us.

In networking, a protocol is a set of rules for formatting and processing data. Network protocols are like a common language for computers. The computers within a network may use vastly different software and hardware; however, the use of protocols enables them to communicate with each other regardless.

In the context of the web, there are various protocols to carry out the communication and out of those HTTP and HTTPS are the most common.

What is HTTP?

HTTP stands for Hypertext Transfer Protocol. HTTP has some set of rules which govern the transmission of information over the world wide web. It provides communication among different communication systems. When any user sends a request to an HTTP server, the server responds by sending the requested data in the form of a webpage. HTTP is an application layer protocol that comes above the TCP layer. It provides the rules for the browsers and the web servers to
communicate with each other. The HTTP protocol uses port 80 for communication and works on the application layer.

What are HTTP requests and responses?

The HTTP requests are generated by the browser of a user as the user interacts with certain properties described on the website.
For example, if you click on the hyperlink named ‘Blog’ appearing in the menu bar, your browser would generate a series of HTTP GET requests. It is like asking the server for the appropriate data for that particular page. This is an HTTP request.

While the user’s browser sends the requests, the webserver sends back what we call a response. When an HTTP request has been made, the server processes the request and sends back a response (containing a web page document containing HTMP, CSS JS, or any server-side scripting language.) which then is rendered in the form of a web page on the user’s browser.

What is HTTPS?

The full form of HTTPS is Hypertext Transfer Protocol Secure. HTTPS ensures the security of the data while HTTP does not. We can say that HTTPS is a secured form of HTTP. The HTTPS protocol provides data transmission in an encrypted form. It’s highly recommended to uses HTTPS when dealing with confidential data like passwords, bank account details. To provide encrypted data, HTTPS uses an encryption protocol known as Secure Sockets Layer (SSL). It uses a mechanism involving two keys to encrypt and decrypt data back and forth.

Public key: This key is available to every user. Whenever a user requests data over HTTPS protocol from a server, this key first encrypts the data and sends the request.

Private key: This key is meant for the webserver. It decrypts the data.