HTTP & HTTPS

 

HTTP (Hypertext Transfer Protocol)

HTTP is an client-server protocol that allows clients to request web pages from web servers. It is an application level protocol widely used on the Internet. Clients are usually web browsers. When a user wants to access a web page, a browser sends an HTTP Request message to the web server. The server responds with the requested web page. Web servers usually use TCP port 80.

Clients and web servers use request-response method to communicate with each other, with clients sending the HTTP Requests and servers responding with the HTTP Responses. Clients usually send their requests using GET or POST methods, for example GET /homepage.html. Web servers responds with a status message (200 if the request was successful) and sends the requested resource.

An example will clarify this process:

 HTTPS (Hypertext Transfer Protocol Secure)

 

Hypertext Transfer Protocol Secure is a secure version of HTTP. This protocol enables secure communication between a client (e.g. web browser) and a server (e.g. web server) by using encryption. HTTPS uses SSL (Secure Socets Layer) protocol and for encryption and TCP port 443 for communication.

HTTPS is commonly used to create a secure channel over some insecure network, e.g. Internet. By default, most traffic on the Internet is unencryped and susceptible to sniffing attacks. HTTPS encrypts sensitive information, which makes a connection secure.

HTTPS is usually not used on the entire website because encryption slows down the site. Instead, it is used only to protect sensitive information like usernames and passwords.

HTTPS URLs begin with https instead of http. In Internet Explorer, you can immediately recognize that a web site is using HTTPS because a lock appears to the right of the address bar: