What Is HTTPS and How Does It Work?

Browsing the web has its risks, but it becomes even more dangerous with an unsecured connection. That’s where HTTPS comes in – it encrypts transmitted browser data between web browsers, webpages, and servers over the Internet. Through this article, we’ll explain what HTTPS is and how it works in order to enhance your Internet experience and security.

What is HTTPS?

HTTPS, or hypertext transfer protocol secure, is the updated secure version of HTTP (hypertext transfer protocol). It's is the protocol that the Internet uses to securely send data between a web browser and a website.

Essentially, this connection is more secure because it is encrypted through Transport Layer Security (TLS) (formerly Secure Socket Layer (SSL) encryption). Secure data transfer is especially important when sending sensitive data such as banking information, private messages, or other personal information.

How HTTPS works

HTTPS uses an encryption protocol to secure connections. It uses TLS/SSL (Transport Layer Security/Secure Sockets Layer) certificates, which are essentially a form of identification for websites that confirms to the Internet that the website’s identity is authentic. These TLS/SSL certificates allows websites to verify themselves through certificate authorities in order to enable the necessary encrypted connections.

The TLS protocol secures communications via what is referred to as asymmetric public key infrastructure. It uses two different keys to encrypt and decrypt data between parties.

The first key, the public key, is available to everyone interacting with a given server. When data transfers over from a client, the public key encrypts it into an unreadable format and transmits it over HTTPS port 443.

The second key, the private key, is controlled by the website and kept on a private server. It’s only known by one party. Once the data reaches its final destination after being encrypted by the public key, the private key decrypts the information. Only the private key can decrypt information encrypted by the public key.

Disadvantages of hypertext transfer protocol secure

As secure as the protocol is, there are still some limitations to SSL/TLS encryption. While HTTPS encrypts a lot of information, it doesn’t encrypt everything. The full domain, subdomain, and originating IP address of a website are still visible. Even over a secured connection, exercise caution when browsing the Internet.

Furthermore, HTTPS is not quite as fast or accessible as unsecured HTTP. Some firewalls deny access to HTTPS connections unintentionally, and because of the amount of encryption and decryption required for HTTPS to function, the response time is not as fast. However, these differences and issues are negligible compared to the alternative. Visiting sites that use hypertext transfer protocol secure is still the far better option.

What is the difference between HTTP and HTTPS?

Though HTTPS is the same base protocol as HTTP, the difference is important. A website using the latter is completely unencrypted. A website using the former encrypts almost all information sent between client and server using a TSL/SSL encryption connection.

A URL request with HTTP, using port 80, reveals a lot of information: the body of the request, the full URL, the query, and many identifying headers about the client.

On the other hand, a secure URL request with HTTPS, using port 433, encrypts all of the previously exposed information. It only reveals the domain name of the website.

Essentially, the unsecured connection freely broadcasts your data to the world, including to any cybercriminals or hackers spying on your network. Browsing the Internet over an unsecured network is especially dangerous if you lack a strong antivirus program or malware protection.

How to tell which protocol a website uses

Determining whether or not a website uses HTTPS is simple. A secure URL begins with HTTPS. An unsecure URL begins with HTTP. Check the website you visit – for example, is a secure site, confirmed by what's at the beginning of the domain.

You can also look for a small lock symbol in front of the domain in the address bar, as this also confirms a site is secure.

However, now, most search engines only show secured sites in the first few pages of results, so users need not worry too much about accidentally getting on a non-HTTPS site. In August of 2014, Google announced that they would start using HTTPS as a ranking signal. Now, Google rarely shows unsecured sites in search results.

Google took it one step further in the Google Chrome browser, which now shows a warning prior to allowing a user access to a non-secure website. Firefox did the same thing; users see a warning before entering an unsecured site, and for those who want an even more secure experience, Firefox also offers an HTTPS-only browsing mode to users.

It’s recommended that all website owners use HTTPS rather than its unsecured counterpart. Not only does it make the website more secure, but it improves the site’s ranking in Google, since Google ranks websites using hypertext transfer protocol secure higher by default.