The HTTPS protocol is not new, it has existed since 1992, but until recently its use was quite limited and only a relatively small number of websites, especially in which the user entered personal data, used it.
This changed a few years ago when Google announced that it would start to mark websites that used http as Unsecured in Google Chrome. Since then there has been a race to pass all the websites to https and today it is rare to see a site that does not work under this protocol.
But ... Do you really know what HTTPS means and what are its differences compared to HTTP? In the following lines you will be able to know the main differences between both protocols and the reason why it is important to use HTTPS over HTTP, although not essential in all cases.
What is HTTP?
Before entering to see the differences between both protocols, it is important to understand what is HTTP (HyperText Transfer Protocol or Hypertext Transfer Protocol).
HTTP is the protocol that allows information transfers on the web and is based on the request-response scheme between client and server. Basically the client, usually a web browser, makes a request to the server and the server sends a response with the requested data. Upon receipt, the customer can interpret the data packets and display the information the user was looking for, usually "painting" a web page with all its elements on the computer or mobile.
What is HTTPS?
HTTPS (HyperText Transfer Protocol Secure) is an HTTP protocol variant that adds an extra layer of security by integrating data encryption through SSL / TLS.
HTTPS is an evolution of HTTP that was created by Netscape in 1992 for its Netscape Navigator browser. The idea was to add an SSL encrypted channel in order to improve the security of data transfer through communications through this protocol.
This variant of the protocol was a success and quickly became a standard and was improved with the implementation of TLS encryption that exceeded the previous security.
HTTP vs HTTPS: the main differences
HTTP stands for HyperText Transfer Protocol and in the case of HTTPS the acronym is exactly the same by adding the word SECURE to the end.
This is the main difference between both protocols: security. In the case of HTTPS, all the information that flows between the client and the server travels encrypted through SSL / TLS protocols. In addition, in most cases the encryption is accompanied by a certificate issued by an authority that confirms that the data on the website belongs to a real person or company.
Thanks to this, the communications are safer and it is avoided that any person can intercept the communication to visualize the data without authorization with attacks Man in the Middle or similar.
Another of the most important differences between the two protocols is that HTTP works through port 80 and HTTPS 443.
Is it important to use HTTPS?
Taking into account how the web has evolved and the type of actions we perform today, the transition to HTTPS is extremely important in many websites, although there are certain exceptions where the fact that it is not present does not pose a significant problem.
Currently, practically all of us access sites where we have to enter a password to access. In addition to transferring the password, these sites usually store certain personal information and in some cases very private data such as credit card numbers, bank account numbers, invoices, etc, etc ...
In websites of this type, which can be online stores, social networks, electronic banking, digital headquarters of municipalities and other public bodies, it is very necessary to use HTTPS to give an extra layer of security to user data and ensure its integrity
But, of course, that a site continues to operate under HTTP does not directly mean that we will have problems accessing it. Many sites that only show information and that do not ask for any information from the user will not be updated to HTTPS and you can rest assured to continue visiting it, since in case they intercept the navigation data, the only thing they can know is to which website you are trying to access, from which browser and little else.
Do you have a website with HTTP? So you can pass it to HTTPS
Turning a web from HTTP to HTTPS is a fairly simple process. Of course it will depend on how the web is made, if it is through a CMS, with individual HTML pages, etc, etc ...
In any case, the first step to transfer your website to HTTPS is to verify that your hosting (the web server where you host the page) is compatible. Nowadays all the suppliers accept this type of service, although to ensure you it is not too much that you make an inquiry to the company's customer service.
When you have confirmation you can get down to work. The general steps to activate HTTPS on any website are the following:
- Hire an SSL / TLS certificate for your website. You can do this through your hosting company or use Let’s Encrypt, a free certificate that you can surely access through the control panel of your hosting.
- Access the control panel of your hosting and follow the instructions of the provider to install a digital certificate.
- Create a re-address on your website to always load the HTTPS version (this can be done from the htaccess file, the hosting control panel or directly from the head section of the HTML files).
- Check that all internal links, inserted images and other elements load from your HTTPS version. In case someone is not loading from HTTPS you will generate mixed content and the browsers could mark it as unsecured.