What is the difference between HTTP and HTTPS?
HTTPS is essentially HTTP with TLS encryption benefits. HTTPS makes use of TLS to encrypt all requests and responses. This makes it far superior in terms of safety and security. It is easy to spot which websites use HTTPS as you will see it at the beginning of the URL in the format https:// as opposed to HTTP which is shown as http://.
So, getting down to the point, why is it that we should provide websites that operate on HTTPS?
HTTPS based websites are more trustworthy for users. It could be helpful to think of a home that has passed building regulations being the HTTPS based website and a home that has not been given a buildings regulations certificate being the HTTP based website. The HTTP prefix is like a badge of dishonour – it is saying “hang on a minute, we are not particularly safe, secure or trustworthy.”
In using the SSL/TLS protocol, HTTPS is able to encrypt communications so any would-be attackers are unable to steal user data. In addition the incorporation of SSL/TLS protocol ensures that a website server is exactly that which it purports to be, preventing fraud of that ilk and helping to prevent all manner of cyber-attacks. Most of the work that HTTPS does is seamless and users will likely be unaware of the benefits. The search engines are most certainly aware, however and are likely to prioritise HTTPS websites as a result of their security benefits. In the online climate, trust is becoming ever more relevant and vital.
Search engines and browsers
All browsers these days will mark HTTP wesbites as “not secure”. This process was started in mid-2018, when Chrome version 68 was released. Since then all other browsers have taken similar steps.
Google has gradually pushed websites towards switching to HTTPS over the years and it also uses HTTPS in the algorithm to assign a ranking of quality going towards how they display search results. From the end user perspective, the security that HTTPS provides makes it less likely that users will click on erroneous websites.
Starting in July 2018 with the release of Chrome 68, all unsecured HTTP traffic has been flagged in the URL bar as “not secure”. This notification appears for all websites without a valid SSL certificate. Other browsers have followed suit.
Security and authentication Security
HTTPS provides more security both for website owners and users. Why is this? Well, in addition to the aforementioned, with HTTPS you get encrypted data flowing in both directions (to and from the origin server). The security this provides prevents hackers from observing the data that is sent. Usernames and passwords or banking details are far more secure as a result.
The SSL certificate provided with HTTPS websites is a form of external verification by a third party making sure that web servers are not fraudulent. This gives users more confidence that the site they are on is the one they intended to visit.