Http vs. Https: What is the difference?

[DavidLux]

Hello webmasters,

Can you show me pros and cons of Http vs. Https ? I know https is more secure but why it is then I didn't know.

If possible, plz show me what is the difference between Http vs. Https?

Thanks
David

 

[JRichar]

As a quick look of this comparison;
HTTPS protocol uses SSL, Secured layer. so your data is crypted before sending. If anybody tries to read the data, they will see crypto.

 

[mido]

Now when Google is ranking HTTPS slightly better it is a good idea to get a SSL cert for your sites. It is not that expensive either nowdays.

 

[Hawker]

Hawker

https only accounts for about 1% of your overall SEO score as considered by Google. Getting an SSL certificate for your site is no way a guarantee that Google will rank your site higher because of it. You have to get the other 99% of your SEO score up for that to happen. It's like having an an XML sitemap, just one part of your on-page SEO. You still need great content, usability and structure.

Having an SSL cert on your site can install confidence in your sites users/buyers.

Anything shared/transmitted on that site or from that site is securely encoded so that nobody can see/sniff that data.

But does your site need an SSL?

Not all sites need them. Example; wallpaper sites, or sites that don't require the transmission of any sensitive, private data like names, addresses, credit/debit card, bank details etc.

However, if your site provides login ability, and transmits any of these kinds of sensitive information, payment info etc, then your site definitely needs an SSL certificate.

It's just the standard thing today.

But you might not necessarily want to use SSL all over your site.

You can offer your browsers/readers/visitors the http version of your site.

Then have it switch automatically to using SSL (https) for those that signup/login/checkout etc.

 

[MightWeb]

Basically, whilst slightly slower, SSL will add a layer of security on any transmissions to and from your web server to your visitor. It's essential for any e-commerce website, where transactions are made, for example. There are also several layers of SSL, where some provide a stronger encryption than others. When offering credit card payment through a website (for example), you'll want an SSL certificate with extended validation - as these are stronger cryptos for one, and also ensures your visitor they are dealing with the actual company, as these certificates are not handed out without authorization by the certificate authority.

That's a long story short - but the main point is that it's a good thing to have your website using HTTPS, and it makes life a tad bit more difficult for evil-doers. You can secure a domain with SSL for about $10'ish per year nowadays (and soon free, once Let's Encrypt is launched).

 

[ElixantTechnology]

ElixantTechnology

I just looked into Let's Encrypt, and I don't think in my opinion that it would be a viable solution. From what I can tell, Mozilla is the only browser that would trust the certificates, which really limits things. I may be wrong of course.

Anybody can generate a certificate using OpenSSL, however, what you actually pay for is the signing authority that has partnered with browsers, software companies and payment processors to provide a level of trust. Sure, a $10 certificate will provide some security, however $150 a year for an EV-SSL will show a huge amount more trust with not only customers, but once again, your payment processors. Personally (and I am not the only person), I don't trust websites that use domain validated certificates. Anybody can get them, no verification of the business being valid and registered. Also, PCI compliance is another big thing in the eCommerce world.

 

[lawrencegordon]

lawrencegordon

Perhaps, because of this G loved sites that having SSL, it makes more trustworthy than sites without SSL but I don't see more diffidence when checking on search resutls for sites SSL and non SSL.

 

[MrGravyCakes]

These websites secure your data. It is important to check when you are making a purchase that the site is HTTPS, so that you know that you are on a site with SSL and it will protect your data.

 

[merapata]

(HTTP) HyperText Transfer Protocol
(HTTPS) HyperText Transfer Protocol Secure
Using HTTPS, the computers agree on a "code" between them, and then they scramble the messages using that "code" so that no one in between can read them. This keeps your information safe from hackers.

For This you need to install SSL in your server for your Domain

SSL encrypts the connection between your computer and users/Google/Any Search Engine. This helps prevent others, like Internet cafes, Internet Service Providers, and Wi-Fi hotspots, from seeing users activity, login, and any other activity and important information.

There is most and latest Update that encourage you to use SSL is Google Starts Giving A Ranking Boost To Secure HTTPS/SSL Sites. More detail you can google..

Cheers

 

[EpicGlobalWeb]

SSL stripping can still be done and although it's a good idea to secure your site by adding layers like this, its better to secure it in the scripting itself. SSL is only a slight security advantage and any one actually interested in hacking your site knows the best method of security is a strong password and 256 bit encryption.

Encryption like MD5 for example is pretty weak and there are automated programs which can easily brute force or dictionary attack these.

SQL injection is one other method which can bypass SSL security. So your main benefit is a marginal SEO bump and keeping the script kiddies at bay. It also gives your customers a sense of trust with their visual green bar and lock.

 

[Mike_Brown]

If your website has an integrated Payment gateway, HTTPS is essential. The speed difference is not large enough for a user to notice and search engine's prefer the secure connection so you don't need to worry about being penalized for the slightly slower load times.

 

[DavidLux]

DavidLux

You are right, I read more about this, I also had an eCommerce website and I moved it to HTTPS, everything seems to be good now. The problem is, I only know HTTPS help my site better secure but how does it work and why it is making websites secure then maybe i need go to into details further.

 

[WebmasterPhil]

HTTPS is recommended for eCommerce activity. If your website doesn't involve transactions, then it's not an absolute necessity. You do have to pay annual fee for an SSL certificate to be installed on your website for HTTP to become HTTPS, so examine your website's purpose and ask yourself, does it really need it.

 

[Web Marketing Tool]

PROS
You get a slight SEO boost
It shows visitors that you are serious
It makes hacking more difficult closing some doors hackers use
It is required if you are handling credit card payments on your site
Any secure sites that want to post your content (exa: banner code you provide them) will have issues
The referrer header is lost when going from an SSL site to a non SSL site. It works fine the other way around. So if you don't have SSL you won't know as much about where your visitors are coming from.
If you have optin forms (whether for member login or for capturing leads) it is a good idea and browsers are starting to throw warnings if you have forms and don't have SSL.

CONS
Slows down page load VERY slightly
Costs money
When it expires it will throw an error message if you don't remove it or renew it (so if you don't use the site and "forget" about it your site would be down. I've seen this issue too many times).
It needs a dedicated IP which in most cases means more money and time to setup

NOTES
It's getting cheaper and easier to do SSL than it was in the past. In the future you may see more and more penalties for not having SSL. Below is the error I see in the console when visiting a page that has a password field and no SSL:
Password fields present in a form with an insecure (http://) form action. This is a security risk that allows user login credentials to be stolen.

I also see indications of warnings on other forms (like in developer tools the URL is red when doing a form and it's not using SSL).

Also, nearly all the big sites are forcing SSL connections for their sites. I wouldn't be surprised if big sites like Facebook start also showing preference to posts linking to secure sites.

I think most websites have it backwards. They pay to have privacy (decreasing a visitors trust) and they don't pay to use SSL.

In short, in my opinion if your site is worth more than a couple hundred dollars than SSL is worth it.

 

[RebeccaDooley]

HTTP stands for Hyper Text Transfer Protocol. The thing is being cleared that HTTPS is a secure version of the HTTP protocol.

The Disadvantages Of HTTPS

It uses a lot of server resouces
Browser Caching Wont Work Properly
HTTPS Introduces Latencies
The Mixed Modes Issue
Proxy Caching Problems


The Advantages Of HTTPS

Identity Verification
Data Integrity
SEO
Trust

 

[EpicGlobalWeb]

EpicGlobalWeb

I wouldn't necessarily say that the resources it uses are all that laborious considering the problem it solves, even though you're technically correct. Most people's internet connections are robust enough now where the extra processing it does is worth the added security benefit.

To me it's mostly a trust badge. Your data on the internet is always vulnerable. The only difference is how vulnerable.

 

[virtubox]

virtubox

HTTPS doesn't use more server resources, and the browser caching work properly with SSL/TLS.
There is a latency during the first connection due to SSL handshake but using the HSTS (HTTP Strict Transport Security) header, you will allow browser to create cache and the next connections will not be impacted by the latency.
The Mixed content issue could be quickly fixed, you just have to check what resources are loaded in http.

You have also to consider SSL certificate is totally free now (letsencrypt, cloudflare, startssl etc ...), only EV certificates need to be paid.
And the biggest advantage of using HTTPS is the new Protocol HTTP2 :

[URLnofo]https://www.cloudflare.com/http2/what-is-http2/[/URLnofo]

 

[MovelikeJackson]

MovelikeJackson

HTTPS should not cause an issue with caching at all..

 

[SenseiSteve]

Google just released a statement on September 8th, outlining their timeframe to start marking HTTP sites unsecure. If you don't already have HTTPS enabled, you might want to get on the ball.

 

[alices00ze]

HTTP stands for HyperText Transfer Protocol's (transfer protocol hypertext). This is an application protocol of the TCP / IP (including a group of platforms for internet protocol).

HTTP-based activity model Client - Server. In this model, the user's computer will act as the client (Client). After a certain manipulation of the user, the client sends a request to the server (Server) and wait for the answer from this server. To be able to talk to each other, the server and client must be done through the exchange of protocol. One of the protocols used most often is HTTP.
Is used so widely as contained in its HTTP but not at the point of restriction. As you proceed to make the access a Web site through the HTTP protocol, the browser will execute the connection to the Server version of the Web site through the IP address by domain name resolution system DNS provider.

In the process of connecting and exchanging information, your browser will automatically acknowledges that IP address from the server of the website that you want to access without authentication measures. The information is transferred via the HTTP protocol (including your IP address, the information you input on the Website ...) he will not be encrypted and secure.

This leads to the risk of your connection session to the server of the website may be "eavesdropping", or your access to be redirected to a Web page posing with original design which is identical Website users unaware.

If you regularly use the online banking service, you will find the address when accessing the bank's domain name, protocol it uses HTTPS instead of HTTP will be at the site as usual. This is because, the upgraded version of HTTP HTTPS is used to enhance the security capabilities of information after each access.

HTTPS is the abbreviation for "Hypertext Transfer Protocol Secure". This is a combination of HTTP and SSL security protocol or TLS. HTTPS makes exchange information securely over the Internet.

Unlike HTTP, HTTPS authentication will support the legitimacy of the Website where users access through secure authentication checks (security certificate). The authentication security is provided and verified by the CA (Certificate Authority) is reputable. With the authentication from the CA, the user can know that we have the right access to the Website to access a Web site rather than any other pretending.

Besides, the session connection between your browser to the server will be encrypted. This will help hide your IP address and input information about your account on the Website from the gaze of the hacker. HTTPS does not bring 100% secure. However, this is an effective security measure instead of using the traditional HTTP protocol risky capital available.

Hope this helps!

 

[Riviera]

http:// and https://
The http:// is the HyperText Transfer Protocol - basic transfer protocol based on TCP / IP. You can see our forum: webmastersun.com is now using http.
The https:// is the secured/encrypted transfer protocol - more secure than http:// because all the data transfered is encrypted with SSL. https:you can see google.com, yahoo.com, microsoft.com for example.

 

[Talaa]

HTTPS is the secure version of HTTP, which means that all communications between the browser and the website are encrypted. Especially if you are running an online business, you definitely need it, because your website with HTTPS means secure and trusted, your visitors fell safe on your website. Additionally, Google ranks higher HTTPS site because HTTPS is a reference factor in search ranking algorithms.

 

[Carly Swinson]

Http means Hyper Text Transfer Protocol. It enables internet clients to exchanging data like picture, content, video, music, realistic and different documents on site pages. Http is essentially used to get to html pages and furthermore different assets can be open utilizing HTTP. HTTPS means Hypertext Transfer Protocol Secure. HTTPS is a convention which utilizes an encoded HTTP association by transport-layer security. At times, the customers might trade private data with a server, which should be anchored for keeping some hacking issue. Therefore, HTTPS was created by Netscape Corporation to permit approval and anchored exchanges.

 

[JackAubry]

The difference if everything.
Unsecured websites are a dead end.(obsolete, not to be trusted)
You have to go HTTPS

The sooner the better

 

[JRyan]

Google has marked https as a factor when ranking your site in SERP(search engien results page). Plus, poplular browsers like Chrome, Firefox show a http site as insecure in the address bar, which will give it's visitors a sense of insecurity.

 

[JoyFreak]

Https and the s stands for secure.
This is good for sites that sell products and services that tell the customers that the connection is secure and that no malicious activity would take place.
This is to help customers understand that safety of your site.
Adds that extra professionalism to it.

 

[s3_gunzel]

There's a lot of misinformation in this thread. Going to try to clear some of it up since I have some time free.

Now when Google is ranking HTTPS slightly better it is a good idea to get a SSL cert for your sites.

Really, a slight ranking boost should be the last reason that you choose to use HTTPS:443 over HTTP:80. Sure, the slight boost in rank is great and all, but it's certainly not going to be permanent without the data to keep it there.

Basically, whilst slightly slower, SSL will add a layer of security on any transmissions to and from your web server to your visitor.

With the introduction of HTTP/2 (which more or less requires SSL) this is an outright lie; if you set up your server correctly, HTTPS will likely be faster than HTTP. HTTPS was originally slower because it was tacked onto a really old RFC standard. RFCs were updated, things are now faster.

I just looked into Let's Encrypt, and I don't think in my opinion that it would be a viable solution. From what I can tell, Mozilla is the only browser that would trust the certificates...

That's certainly not the case, considering I now have Chrome liking my LE certs. I would not use anything else unless I needed an Extended Validation Certificate, which I don't, because I'm not a bank.

These websites secure your data. It is important to check when you are making a purchase that the site is HTTPS, so that you know that you are on a site with SSL and it will protect your data.

SSL has little, if anything, to do with the data stored on a webste. Saying that a site is completely, 100%, fantastically secure because it has a green padlock is naive. You can't expect data stored on a website to be secure, and you can't use HTTPS as a measurement of that since SSL only crypts the transport. Not the insertion into the database, not the maintaining of that database, just getting it from you to them. That's it.