HTTPS vs HTTP: the vital importance of using HTTPS
Blog / HTTPS vs HTTP: the vital importance of using HTTPS
The difference between using HTTPS over HTTP may seem negligible to most internet users. The majority likely won’t even understand what HTTP is and what it does, so ensuring HTTPS is used is simply an afterthought.
However, the importance of utilising HTTPS over HTTP cannot be understated. HTTP requests are sent in plaintext over the internet, and anyone can read them. HTTPS requests, on the other hand, are encrypted and so are far more secure. Data sent and received could be very sensitive, such as a password or credit card number, so it is important this remains private.
HTTP stands for Hypertext Transfer Protocol and is a protocol for transferring data over a network. Most of the information sent over the internet uses this protocol, and the two main types of HTTP messages are requests and responses.
The ‘S’ in HTTPS stands for ‘secure’ and requests and responses are encrypted using Transport Layer Security (TLS) (or SSL, Secure Sockets Layer). Therefore, instead of seeing plain text, what you would instead see is a seemingly random selection of characters.
Why HTTPS should always be used
In the past, HTTPS was limited to only secured payment transaction services and high-end corporate information systems and was historically an expensive option. In 2016, a campaign led by the Electronic Frontier Foundation resulted in the protocol becoming more prevalent, and HTTPS is now used more often than the original HTTP.
HTTPS ensures authentication of the accessed website and the privacy and integrity of the exchanged data while in transit. For a website to utilise HTTPS a trusted third party must sign server-side digital certificates.
HTTP is not encrypted and so is vulnerable to eavesdropping and ‘man-in-the-middle’ attacks. This can enable attackers to gain access to website accounts and sensitive information, as well as tamper with webpages to inject advertisements or malware. HTTPS is designed to withstand such attacks.
From a business standpoint, your website should use HTTPS as it gives the impression it is trustworthy and secure. Additionally, only HTTPS verified websites get to be highly ranked in search engine results from providers such as Google.
How to ensure you are using HTTPS
Despite sites once using HTTP as the norm for data transfer, they are now advised against from using.
Most browsers will display a warning if you are trying to access a site not using HTTPS. In 2018, Chrome began to label HTTP sites as ‘not secure’ and newer browsers display a warning across the entire screen. They are generally advised as being sites ‘not recommended’ from visiting.
Modern browsers will display a padlock (or something similar) in the address bar to indicate a site is secure and is utilising HTTPS and the padlock appears unlocked or with a red cross over it if HTTPS is not in use. You can also often click on the padlock to show a site’s security certificate.
Many websites now use HTTPS as default but a way to ensure you are always using the protocol where possible is to use the popular free browser extension HTTPS Everywhere developed by the Electronic Frontier Foundation and The Tor Project.
Using HTTPS is important both as a user and an operator. It helps to protect page authenticity online, secure accounts and keep communications and identities private. For a website, using HTTPS is vital as without it your traffic will be severely reduced and you are likely to be viewed as not being as trustworthy as others.
There are simple ways to ensure you are using HTTPS wherever possible.
Many HTTPS related diagnostics are available through the check-up provided by Securiwiser which can help ensure your site is fully secure and verified. Find out more here.
Previous ArticleMulti-Vector cyber attacks
How secure is
How secure is