HTTP stands for Hyper Text Transport Protocol, which is just a fancy way of saying it’s a protocol (a language, in a manner of speaking) for information to be passed back and forth between web servers and clients. This all is of no use. The important thing is the letter S which makes the difference between HTTP and HTTPS. The S (big surprise) stands for “Secure“.
If you visit a website or webpage, and look at the address in the web browser, it will likely begin with the following: http://. This means that the website is talking to your browser using the regular ‘unsecure’ language. In other words, it is possible for someone to eavesdrop on your computer’s conversation with the website. If you fill out a form on the website, someone might see the information you send to that site.
This is why you never ever enter your credit card number in an “HTTP†website..!!
But if the web address begins with https://, that basically means your computer is talking to the website in a secure code that no one can eavesdrop on.
If a website ever asks you to enter your credit card information, you should automatically look to see if the web address begins with https://. If it doesn’t, there’s no way you’re going to enter sensitive information like a credit card number..!!
You won’t see anything different between the HTTP and HTTPS sites. There are only two differences you’ll notice:
- The web address (at the top of your web browser) will begin with https instead of http.
- Your web browser may give you a message something like, You are about to view pages over a secure connection.
There are some other primary differences between http and https, however, beginning with the default port, which is 80 for http and 443 for https. Https works by transmitting normal http interactions through an encrypted system, so that in theory, the information cannot be accessed by any party other than the client and end server. There are two common types of encryption layers: Transport Layer Security (TLS) and Secure Sockets Layer (SSL), both of which encode the data records being exchanged.
When using an https connection, the server responds to the initial connection by offering a list of encryption methods it supports. In response, the client selects a connection method, and the client and server exchange certificates to authenticate their identities. After this is done, both parties exchange the encrypted information after ensuring that both are using the same key, and the connection is closed. In order to host https connections, a server must have a public key certificate, which embeds key information with a verification of the key owner’s identity. Most certificates are verified by a third party so that clients are assured that the key is secure.
Https is used in many situations, such as log-in pages for banking, forms, corporate log ons, and other applications in which data needs to be secure. However, if not implemented properly, https is not infallible, and therefore it is extremely important for end users to be wary about accepting questionable certificates and cautious with their personal information while using the Internet.