Have you ever found yourself wondering what the HTTPS at the start of a web address actually means? And didn’t it use to just be HTTP? We explain all.
When you look at (or type in) a web address, you may have noticed that it is automatically prefixed with HTTP, or HTTPS. These days most web browsers hide these letters (as well as the www.) so you may not see them as often as you used to. But those letters are still there, and still just as important as they have always been.
HTTP stands for hypertext transfer protocol. A protocol is a set of rules that encompass how something must happen. In this case, HTTP is a set of rules that sets out how information is formatted and transmitted between you (i.e. your web browser) and the web server (where a website and its webpages live.)
So when you clicked on this article, your web browser made a request to our web server which stores this particular webpage. Our web server then responded by delivering this page’s HTML file to your web browser. The HTML file contains all the information your browser needs to display this webpage correctly. And all of this is achieved using a set of rules that both the browser and the web server understand – and those rules are called HTTP.
Sponsored Content. Continued below...
Your web browser asking for – and consequently receiving – an HTML webpage may sound like a simple endeavour, but there is plenty of activity going on to deliver you that webpage; activity happening in the background that you don’t see.
And while the above is a typical example, HTTP rules govern more than just requesting and successfully receiving back a simple webpage. For example, there also has to be a universally understood way of dealing with things when they go wrong. So for example, if a web server cannot find a webpage a browser has requested, it returns an HTTP status code instead, which in this scenario would most likely be the 404 code. This means the webpage could not be found. This is then understood by your web browser, where you’ll then most likely get a 404 error message and an explanation as to what it means.
HTTP is steadily being replaced with HTTPS. The S at the end stands for secure. HTTPS does the same thing as HTTP but with security in mind.
With HTTP, information that is formatted and transmitted between a web browser and a web server could be potentially be intercepted – even altered – by someone eavesdropping (called a “man in the middle” attack.) This isn’t good, because the information is sent in plaintext, meaning it can be read by people. That’s especially bad if the information being transmitted includes passwords or banking information.
Sponsored Content. Continued below...
But with HTTPS, this is less of a concern. That’s because HTTPS uses additional technologies called SSL and SSL certificates which use encryption keys to make sure all the data transmitted between the browser and the web server is encrypted. This means if it is intercepted by someone eavesdropping, the information they receive will make no sense.
This is why you always want to make sure that if you are about to submit sensitive information such as passwords or banking information on a webpage, you want to make sure the webpage begins with HTTPS. As we said above, most browsers hide this prefix these days, but you’ll know if its HTTPS because it will display a padlock icon next to the start of the web address.
So what is HTTP? It’s a set of rules that your browser and a web server understand to ensure they can format and transmit data across the World Wide Web. There are many different protocols on the Internet for transmitting and receiving data, but HTTP and HTTPS are used on the World Wide Web for your typical “surfing the Internet”.
And now you know what HTTP and HTTPS mean and what they are used to do!