Explained: HTTP vs HTTPS
HTTP and HTTPS appear similar but have different security implications. Read about how these can affect you.
HTTP
Hypertext Transfer Protocol, also known as HTTP, is a protocol which allows users to send and receive data packets over the Internet. The first documentation of HTTP was in 1991 and only consisted of one request method known as GET, allowing users to ‘get’ data from specified resources.
For example, when a user clicks on a hyperlink to Google, the browser will send multiple ‘GET’ requests so that the content will appear on the website.
What’s wrong with HTTP requests?
A HTTP request, which is generated by a user’s browser, is sent across the Internet. The problem is that when the information is sent just like this, it is sent in plaintext so that anyone monitoring the connection can read it.
This is especially an issue when users submit sensitive data via a website or web application over HTTP. This could be something like a password, a credit card number, or any other data entered into a form. With HTTP, this data is sent without any security to protect the information.
HTTPS
HTTPS, also known as Hyper Text Transfer Protocol Secure, was the combination of HTTP and SSL. Since it was found that sending credit card information as well as any other sensitive information over HTTP allowed attackers to view it easily, SSL (Secure Socket Layer) was built in 1994 to create a more secure channel to send the information over.
This is so that if attackers were trying to intercept and steal the sensitive information, all they would get is letters and numbers that have no correlation to the information itself.
In 1999, the first version of a new protocol named Transport Layer Security (TLS) was released which essentially evolved from SSL. Nowadays, websites choose to adopt these encryption protocols and use HTTPS compared to maintaining HTTP sites.
Are all HTTPS sites safe?
Whilst it is also common knowledge that HTTP sites don’t have strong security in place, especially now that Google Chrome marks all HTTP sites as ‘not secure’, this does not mean that all HTTPS websites are safe.
Malicious sites such as phishing pages can still just as easily be hosted on websites which use encryption, it just means that any information sent across to the attackers would be secure, so don’t trust a link to a site just because it starts with https!
If you are sent an email which you are unsure about which contains links to sites that you aren’t aware of, don’t hesitate to send any suspicious emails or sites to [email protected] – we are more than happy to check for you.