HTTP vs. HTTPS

With encryption and authentication, HTTPS equals HTTP. The sole distinction between the two protocols is that HTTPS employs TLS (SSL) to encrypt normal HTTP requests and responses, and to digitally sign those requests and responses. An HTTP website’s URL begins with http://, while an HTTPS website’s URL begins with https://.

What is HTTP?

HTTP stands for Hypertext Transfer Protocol, and it is a protocol — or a prescribed order and syntax for presenting information — used for transferring data over a network. Most information that is sent over the Internet, including website content and API calls, uses the HTTP protocol. There are two main kinds of HTTP messages: requests and responses.

HTTP requests are generated by a user’s browser as the user interacts with web properties. For example, if a user clicks on a hyperlink, the browser will send a series of “HTTP GET” requests for the content that appears on that page. If someone Googles “What is HTTP?” and this article shows up in the search results, when they click on the link, their browser will create and send a series of HTTP requests in order to get the information necessary to render the page.

What is HTTPS?

The S in HTTPS stands for “secure.” HTTPS uses TLS (or SSL) to encrypt HTTP requests and responses. TLS uses a technology called public key cryptography: there are two keys, a public key and a private key, and the public key is shared with client devices via the server’s SSL certificate. When a client opens a connection with a server, the two devices use the public and private key to agree on new keys, called session keys, to encrypt further communications between them.

All HTTP requests and responses are then encrypted with these session keys, so that anyone who intercepts communications can only see a random string of characters, not the plaintext.