HTTP vs HTTPS
HTTP:
- HyperText Transfer Protocol (HTTP) is a protocol using which hypertext is transferred over the Web.
- Due to its simplicity, HTTP has been the most widely used protocol for data transfer over the Web.
- Hyper-text exchanged using HTTP goes as plain text, anyone between the browser and server can read it by monitoring the cycle. Hence using HTTP is not secure!
- Every HTTP connection establishes a TCP (very reliable) connection between server and client. If 10 requests are made, 10 TCP requests are created.
- Heavy, each request contains the body, HTTP methods, HTTP headers (content type, content length), host information, etc.
HTTPS:
- HyperText Transfer Protocol Secure (HTTPS) is a secure version of HTTP.
- It encrypts the data sent in the request so that it cannot be hacked.
- HTTPS = HTTP + Encryption
Example:
HTTP request:
GET /hello.txt HTTP/1.1
User-Agent: curl/7.63.0 libcurl/7.63.0 OpenSSL/1.1.l zlib/1.2.11
Host: www.example.com
Accept-Language: en
HTTPS request:
t8Fw6T8UV81pQfyhDkhebbz7+oiwldr1j2gHBB3L3RFTRsQCpaSnSBZ78Vme+DpDVJPvZdZUZHpzbbcqmSW1+3xXGsERHg9YDmpYk0VVDiRvw1H5miNieJeJ/FNUjgH0BmVRWII6+T4MnDwmCMZUI/orxP3HGwYCSIvyzS3MpmmSe4iaWKCOHQ==
How does HTTPS secures the request?
- In HTTPS, using TLS (Transport Layer Security), the HTTP request is encrypted by using two keys, one public and one private.
- Just like an ID card confirms a person's identity, a private key confirms server identity. When a client opens a channel with an origin server, possession of the private key that matches with the public key in a website's SSL certificate proves that the server is actually the legitimate host of the website.
HTTPS advantages over HTTP:
- Secure
- Helps in search engine optimization (SEO)
=================
The End!
ย