HTTP vs. HTTPS: Definition, Comparison & Security Implications

HTTP is the hypertext transfer protocol that enables a browser (like your computer's) to get resources from a server (like a website's). HTTPS is a secure form of this protocol that blocks some types of activities from hackers. 

Of the top 100 sites as ranked by Google, 90 default to HTTPS. The resistant ten will likely make the switch as security and privacy grow even more important to consumers and businesses.

Difference between HTTP and HTTPS 

Browsers and servers rely on a shared protocol to connect and communicate with one another. That protocol is HTTP, which stands for the hypertext transfer protocol. 

The protocol is stateless, meaning that it connects as soon as something asks it to do so. You don't need to jump through hoops or do anything special to make it work. In fact, you probably used HTTP to get to this page. 

When you type in a website address, whether you tap the "http" letters in or not, your device uses the protocol to chat up the destination server. A series of "get" requests through HTTP protocols allow your device to ask for all the pieces it needs to load a web page. 

The HTTP protocol is the internet's foundation, but users quickly learned that their communication wasn't secure. In the 1990s, developers created the HTTPS protocol, which builds on the benefits of its predecessor. 

The HTTPS protocol has three important additions:

  1. Encryption: At the start of a connection, your browser and a server set session keys to protect data in transit. 
  2. Authentication: Users get assurances that they're truly connecting with the server they requested. 
  3. Protection: Data can't be altered in transit. 

Originally, people only used HTTPS for sensitive transactions, including those involving money. But now, people use it for almost everything. 

Security is the main difference between HTTP vs. HTTPS. If you're not using the newer version of the protocol, any data you give a website (such as your password or Social Security number) is exposed and readable by hackers. Similarly, hackers could alter anything you do on a site without your knowledge, or you could connect to the wrong site altogether. 

HTTP vs. HTTPS: advantages and limitations

As a website owner or manager, you have the choice to implement the newer HTTPS protocol or stick with the older HTTP protocol. 

Advantages of HTTP include:

  • Ease of administration. You don't need a fancy certificate or proof of ownership to get started. You can set up your site and start right away. 
  • Familiarity. If your website is older, you've probably used the HTTP protocol. If you dislike the idea of changing anything that's working, you may resist the switch. 
  • Site equity. To implement HTTPS, you'll need to redirect all of your old web pages to the new versions. That could have (subtle) implications for your visibility in search engines. 

Limits of HTTP include:

  • Lack of privacy. As we've mentioned, this model completely exposes traffic. 
  • Poor performance. Search engines like Google use HTTPS as a ranking signal. Even if your site is old and has plenty of equity, your new pages may not rank highly on a search engine results page