2.2 HTTP and HTTPS
In the previous section, we learned that browsers and servers communicate with one another to display websites. However, for this communication to work, both sides must follow the same set of rules.
These rules are known as protocols.
A protocol is a standardized method for exchanging information between computers. Just as people need a common language to communicate effectively, computers need agreed-upon protocols to exchange data across networks.
When it comes to websites, the two most important protocols are HTTP and HTTPS.
What Is HTTP?
HTTP stands for Hypertext Transfer Protocol.
HTTP is the protocol that allows browsers and web servers to communicate with one another. It defines how requests are made and how information is returned.
When a user visits a website, the browser sends a request to a server asking for a webpage or other resource. The server then responds by sending the requested information back to the browser.
This request-and-response process forms the foundation of the World Wide Web.
For example:
- A user enters a website address into a browser.
- The browser sends an HTTP request to the server.
- The server processes the request.
- The server sends an HTTP response back to the browser.
- The browser displays the webpage.
This entire process often takes place in a fraction of a second.
Requests and Responses
Every web interaction is built on requests and responses.
A request is a message sent by a browser asking for information.
A response is the message sent back by the server containing the requested information.
For example, when someone clicks a link to a news article, the browser requests that specific page from the server. The server then responds by sending the files needed to display the article.
Modern websites may involve dozens or even hundreds of requests as browsers retrieve images, videos, stylesheets, and other resources needed to build the page.
The Problem with HTTP
The original HTTP protocol was designed to move information efficiently across networks. It was not originally designed with strong security in mind.
Information sent using HTTP can potentially be viewed or modified by others if they gain access to the network carrying the traffic.
As the Internet grew and online banking, shopping, and personal communication became common, stronger protections became necessary.
This led to the development of HTTPS.
What Is HTTPS?
HTTPS stands for Hypertext Transfer Protocol Secure.
HTTPS performs the same basic function as HTTP, but it adds security protections that help safeguard information while it travels across the Internet.
When HTTPS is used, the communication between a browser and a server is encrypted. Encryption converts information into a form that is unreadable to unauthorized parties.
This helps protect sensitive information such as:
- Passwords
- Credit card numbers
- Personal messages
- Online account information
Today, most major websites use HTTPS by default.
How to Recognize HTTPS
One of the easiest ways to identify HTTPS is by looking at the beginning of a website address.
Websites using HTTP typically begin with:
http://
Websites using HTTPS begin with:
https://
Modern browsers typically provide visual indicators showing when a secure HTTPS connection is being used.
Although HTTPS does not guarantee that a website is trustworthy, it does help verify that communication with the website is encrypted and has not been tampered with during transmission.
Why HTTPS Matters
The widespread adoption of HTTPS has made the Internet significantly safer than it was in its early years.
Without HTTPS, activities such as online banking, e-commerce, cloud computing, and secure communication would be much more difficult and risky.
Understanding the difference between HTTP and HTTPS is important because these protocols are used every time a webpage is loaded. They form one of the core technologies that make the modern web possible.
In the next section, we will follow the complete journey of a webpage request and examine what happens behind the scenes when you open a website in your browser.
