Introduction of HTTP VS HTTPS
Have you ever noticed that some websites start with http:// Like http:// www.example.com, while others begin with https:// like https://www.cybermentor33.com?
- So, what’s the difference between these two?
- Why do some websites still use HTTP and others use HTTPS?
- Which one is safer to visit, and how does this security layer actually work?
In this blog, we’ll explore everything you need to know about HTTP vs HTTPS- including their core differences, how they work behind the scenes, what requests and responses really mean, and why choosing a secure connection is so important in today’s internet world.
We’ll also understand what happens when you type a website name in your browser and hit Enter – and how your request travels through the web to bring that page to your screen.
What is HTTP?
HTTP (Hyper text transfer Protocol) is an application layer protocol in the OSI model, responsible for transferring web pages from a server to a user’s web browser.
It works on the client-server model, where the client – usually a web browser – sends a request to the server responds with the requested web content.
By default, HTTP Uses port 80 for communication. However, this port can be changed manually on a system or server based on specific requirements or configurations.
HTTP connection are not secure because they do not use encryption. This means the data transmitted between the client and server is in plain text, making it vulnerable to attackers who can easily intercept and read the information.
How HTTP Works in Real life
Let’s understand HTTP with a simple real-world example:
Suppose you want to visit a website named example.com
- First, you open any web browser – like Chrome, Firefox, or Safari.
- In the address bar, you type example.com and hit enter.
- Now, your browser automatically adds http:// in front of the domain name if the website uses HTTP. So it becomes: http://example.com
- This triggers an HTTP request from your browser to the server that hosts example.com.
- The server receives this request, processes it, and then sends an HTTP response back to your browser.
- Finally, if everything goes fine, your browser displays the website for you.
What is HTTPS?
- HTTPS (Hyper text transfer protocol secure ) is the secure version of HTTP, designed to protect the integrity and confidentiality of data exchanged between your browser and the server.Unlike HTTP, which transmits data in plain text, HTTPS uses encryption protocols like SSL/TLS to create a secure communication channel. This ensures:
Confidentiality: Your data is encrypted and safe from eavesdroppers.
Integrity: The data can’t be modified during transmission without being detected.
Authentication: Confirms that you’re communicating with the intended and verified website.
This secure protocol is especially important when dealing with:
Online banking
Login forms
Secure e-commerce sites
HTTPS typically uses port 443 for secure communication. In some cases, when an SSL certificate is missing or not configured properly, communication might fall back to port 8080, though is not standard or secure for production use.
How HTTPS Work in Real life:
- Let’s understand HTTPS with a simple real-world example of google.com:
- Suppose you want to access Google
- First, you open any web browser – like Chrome, Firefox, or Safari.
- Now, your browser automatically adds https:// in front of the domain name if the website uses HTTPS.
- So it becomes: https://google.comThis triggers an HTTPS request from your browser to the server that hosts google.com.
- The server receives this request, processes it, and then sends an HTTPS response back to your browser.
- Finally, if everything goes fine, your browser displays the google website interface.
Full Breakdown of HTTP/HTTPS Request (with Screenshot + Line by Line)
When You Type a URL in the Browser…
Here’s what actually happens behind the scenes:
The browser generates an HTTP or HTTPS Request, which is then sent to the server – and that’s how you receive the web page.
- Now let’s understand:
- What does this request look like?
- What kind of information does it contain?
I have a real HTTP or HTTPS Request captured using Burp Suite (see the image below).
Let’s break it down step by step and understand each part!
- HTTP Request Headers
GET /~grovesd/comm244/notes/week2/links HTTP/1.1
- GET: This is the HTTP method. The browser is requesting data (a web page) from the server.
- /..links: This is the path to the specific resource or file on the server.
- HTTP/1.1: The version of the HTTP protocol being used.
2. Host: web.simmons.edu
- This tells the server which domain name the client (browser) is trying to reach.
3. User-Agent: Mozilla/5.0 …. Firefox/128.0
- Identifies the browser and device making the request. it helps the server deliver content optimized for that browser.
4. Accept: text/html, application/xhtml+xml, ….
- Specifies the types of content the client can accept (like HTML, XML, etc.).
5. Accept-Language: en-US, en;q=0.5
- Indicates the preferred language of the browser (useful for serving localized content).
6. Accept-Encoding: gzip, deflate, br
- Tells the server which compression formats the browser supports (for faster loading).
7. Referer: https://www.google.com/
- Show the page from which the user came before landing on this request (useful for analytics).
8. Connection: keep-alive
- Instructs the server to keep the connection open for further requests (improves performance).
9. Cookie: _ga=GA1.2.5765. . . .
- Sends previously stored cookie from the client to the server – used for session tracking and personalization.
10. Upgrade-Insecure-Requests: 1
- Tells the server that the browser prefers secure (HTTPS) connections if available.
11. Priority: u=0, i
- Indicates the priority level of the request, helping browsers optimize network usage.
Full Breakdown of HTTP or HTTPS Response (with Screenshot + Line by Line)
After receiving the request, the server sends back a response. Let’s look at the response headers and understand each line.
- HTTP/1.1 200 OK
- The HTTP version and status code. 200 OK means the request was successful and the page was found.
2. Date: Sat, 10 May 2025 11:10:39 GMT
- The exact date and time the response was generated by the server.
3. Server: Apache
- Shows the server software used – in this case, Apache Web Server.
4. Content-Location: links.php
- Indicates the actual file that’s being served in response to the request
5. Vary: negotiate
- Tells that the response might vary depending on content negotiation (like language, encoding).
6. TCN: choice
- Transparent Content Negotiation result – tells that the best matched variant was chosen.
7. Keep-Alive: timeout=5, max=100
- Informs the client how long the connection will stay alive and how many requests can be made.
8. Connection: Keep-Alive
- Confirms that the server is keeping the connection open for efficiency.
9. Content-Type: text/html; charset=UTF-8
- Specifies the content format and character encoding of the response – here it’s HTML.
10. Content-Length: 9092
- The total size (in bytes) of the response body being sent to the browser.T
The rest of the response contains the HTML content of the web page, which your browser renders for you to view.
HTTP vs HTTPS: Comparison Table
✅ Conclusion
In today’s digital world, where cyber threats are rising every day, choosing HTTPS over HTTP is no longer optional β it’s a necessity.
Whether you’re a casual browser or a website owner, it’s crucial to understand how secure connections protect your data and privacy online.
π For Users: Always prefer browsing websites that begin with https:// and show a π padlock in the address bar. This ensures your information β especially passwords, banking details, and personal data β stays encrypted and safe from attackers.
π For Website Owners: If your website still runs on HTTP, it’s time to switch to HTTPS by installing an SSL/TLS certificate. It not only secures your visitors but also builds trust, improves your SEO ranking, and enhances your website’s credibility.
Remember:
HTTP exposes, HTTPS protects.
Stay safe. Stay secure. Surf smart. ππ
