Everyone benefits from the incredible variety of web pages on the Internet: we find entertainment, information, inspiration and services in seemingly unlimited quantities. Unfortunately, not all pages are benign: as in the analog world, there are businessmen with double intentions, delinquency and organized crime. In this way, for example, an online banking user can be tricked by a fraudulent web page to obtain access data to their accounts, or someone can install a public Wi-Fi hotspot to spy on the communication between two or more. people..
In the beginning, all internet data traffic was managed openly, in plain text and easy to hack. The HTTP protocol mediates communication between the client (browser) and the unencrypted web server, facilitating criminal activities such as metadata spying or man-in-the-middle attacks.
The HTTPS protocol was developed to make web browsing more secure. We tell you what it is and how it works..
HTTPS is the acronym for Hypertext Transfer Protocol Secure (in Spanish, secure hypertext transfer protocol). In a sense, the transfer protocol is the language in which the web client? Usually the browser? and the web server communicate with each other. HTTPS is a version of the transfer protocol that uses strong encryption for communication.
HTTPS serves the following two functions:
Communication between the web client and the web server is encrypted . Through this system, it is prevented that an unauthorized third party has access to the data, for example, by observing the traffic of the Wi-Fi network..
The web server authenticates itself by sending a certificate to the browser right at the beginning of the data transmission, which guarantees the reliability of the domain. This measure helps fight fraud by fake web pages.
How are HTTP and HTTPS different? The answer is simple, technically they do not differ at all. The protocol itself, that is, the syntax, is identical in both variants.
However, HTTPS uses a special transmission protocol , called SSL / TLS. It is not the protocol itself that offers more security, but the type of transfer. To better understand it, consider the following analogy:
The following table summarizes the most important differences from a user perspective:
All current web browsers warn the user when accessing a web page under the HTTP protocol.
If you click on the icon on the left of the address bar, you will get more information:
Depending on the browser and security settings, the software will even refuse to open unsafe web pages or display a warning instead.
It is not HTTP itself that is responsible for security, but the underlying transfer protocol. What is the difference?
The HTTP protocol only regulates how the content that the browser and the web server exchange with each other should be structured . Instead, the transfer protocol indicates how data flows are transferred between computers. For example, it ensures that no data packets are lost. The standard transfer protocol, which is also used by HTTP, is TCP or Transmission Control Protocol.
There is an extension to this transfer protocol that encrypts data flows: it is called TLS (formerly SSL). All data transmitted using this protocol is encrypted in such a way that only the actual recipient (the browser or the web server) can access the transferred content.
When a URL begins with https: // , the browser automatically adds port number 443. This number tells the receiving computer to communicate via TLS / SSL.
The ability of hackers to spy on and manipulate web pages is increasing. For this reason, it is important to encrypt data flows, especially in open access networks such as public Wi-Fi hotspots.
HTTPS is the new standard . As we have already mentioned, web pages that do not have the certificate are negatively highlighted or blocked by current browsers. Also, HTTPS is likely to have a positive effect on Google rankings , even though Google has not yet expressly recognized it.
In Europe, the General Data Protection Regulation (GDPR) stipulates that web pages must be kept up-to-date in terms of security, so they should all be on HTTPS.
With this article you can learn how to convert your website to HTTPS.