A little backstory Back in 2014, HTTPS became a hot-topic after the Heartbleed bug became public. This bug allows people with ill intent to listen in on traffic being transferred over SSL/TLS. Therefore, it gave them the ability to hijack and/or read the data. Luckily,…
HTTPS protocol – Panacea to Websites Perfomance?
HTTPS, the secure protocol.
A lot of discussions has been lately about the value of the https protocol. We are to going to present into 3 parts some key aspects of the issue.
In the first part, we will briefly present the meaning of the https protocol as well its value for the users.
The https protocol
HTTPS secures the connection to the website you are visiting.
I’m sure you have seen this in action; look at the address bar in the browser and find the lock icon on the left-hand side. Is the lock closed? Then the connection is secure. Is it open or is there another type of icon or message? Then it’s not secure and vulnerable to attack. Using a site over a non-secure connection means hackers/criminals could intercept the data you send to the site, like your password and email address.
Starting with the basics
When you type in a URL in the search bar, your browser asks the site for its IP address – for instance 123.456.7.89. This number is the actual address that a site gets online. The browser connects to this number in the hopes this is the correct site. This is all done in plain sight and there is no encryption in between so everyone can intercept this traffic. So when you want to log in to a site that you connect to via an HTTP connection, the data you enter – username and password – is sent in plain text. Trust me, that’s really bad. Think about what would happen if you’d connect to your bank this way.
HTTPS secures this process. HTTPS encrypts the connection between the browser and the site, therefore making sure that no one can intercept the data sent between those two. Every site that wants to secure itself needs a so-called SSL certificate. The browser checks the certificate of the site and verifies its legitimacy with the company that issued it. If you want to see who issued the certificate, please click on the lock icon. By using HTTPS, sites not only secure your login procedure and personal data but also what you do on a site and which sites you visit.
Besides securing the web, HTTPS is necessary for sites that want to upgrade to a new, safer and much faster internet protocol called HTTP/2. HTTP/2 includes different new technologies that make sites a lot faster to load.
HTTP: HyperText Transfer Protocol
Hypertext Transfer Protocol (http) is a system for transmitting and receiving information across the Internet. HTTP is an “application layer protocol,” which ultimately means that its focus is on how information presents itself to the user, however, this option doesn’t really care how data gets from Point A to Point B.
They refer to it as “stateless,” which means it doesn’t attempt to remember anything about the previous web session. The benefit to being stateless it that there are fewer data to send, and that means increased speed.
When is HTTP beneficial?
Http is most commonly used to access html pages, and it is important to consider that other resources can be utilized through accessing http. This was the way that most websites who did not house confidential information (such as credit card information) would set up their websites.
HTTPS: Secure HyperText Transfer Protocol
HTTPS, or “secure http”, was developed to allow authorization and secured transactions.
Exchanging confidential information needs a certain level of security in order to prevent unauthorized access, and https makes this happen. In many ways, https is identical to HTTP because it follows the same basic protocols. The HTTP or https client, such as a Web browser, establishes a connection to a server on a standard port. However, https offers an extra layer of security because it uses SSL to move data.
For all intents and purposes, HTTPS is HTTP, it’s just the secure version.
Getting a bit technical
The main difference is that it uses TCP Port 443 by default, so HTTP and HTTPS are two separate communications.
HTTPS works in conjunction with another protocol, Secure Sockets Layer (SSL), to transport data safely (which is really the key difference that Google cares about).
Remember, HTTP and HTTPS don’t care how the data gets to its destination. In contrast, SSL doesn’t care what the data looks like (like HTTP does).
That is why HTTPS really offers the best of both worlds: Caring about what the user sees visually, but also having an extra layer of security when moving data from point A to point B.
AN EXTRA NOTE:
People often use the terms HTTPS and SSL interchangeably, but that isn’t accurate. HTTPS is secure because it uses SSL to move data. The technicalities can seem complicated, so visit here if you need more detailed information. For most companies, understanding that https is more secure than http is enough.
Value of HTTPS for the user
Everyone has the right to privacy on the web. We are doing so many mission-critical things on the web that we use any kind of security we can find. An ever-increasing number of websites is making the move to HTTPS. In the screenshot below, you can see that at the moment, 61% of the sites that Firefox loads are being sent over HTTPS (stats by Let’s Encrypt).
HTTPS is a must for any type of site, even if you own the bakery around the corner and don’t send or request sensitive data via your website.
Ok, I am sure you got tired.. so let’s leave the rest of the https for a next article.