HTTP vs HTTPS — How its work

In the developing world, we all know the terms HTTP and HTTPS. But many of us don’t know much about it. I wrote this story so that we could learn more about HTTP and HTTPS.

Most easily, we could say that HTTP transfer data insecurely, and HTTPS transfer data in a secure way. The easiest way to know a website using HTTP or HTTPS is by looking at the URL bar. An HTTP site has a NOT Secure stamp next to the URL. BUT an HTTPS site has a lock next to the URL address.

As a user, you should not enter confidential information on a webpage that is using HTTP. So, are you curious to know what makes HTTPS so secure? let’s start.

What is HTTP?

Hypertext Transfer Protocol is known as HTTP. It’s a method that allows browsers to access websites by obtaining resources from a web server. Tim Berners-Lee developed HTTP in 1989.

HTTP works simply. When you enter any web address on your browser, your browser sends an HTTP request to a web server. The web server then responds to the request with a data packet that the browser shows you as a website.

HTTP Request

What is HTTPS?

Hypertext Transfer Protocol Secure is known as HTTPS. It is used to communicate securely through the network. HTTP requests send plain text to communicate. So, if anyone intercepts the request can understand what it is and can steal private information.

On the other hand, HTTPS requests use encrypted text to communicate. HTTPS uses SSL to encrypt data. Nowadays, it uses TLS and an improved version of SSL. As a result, the user‘s data is not plain text but encrypted text. If someone manages to steal the data, they would not understand anything.

Why HTTPS Secure?

Let’s learn how clients and servers communicate using HTTPS. Now no we know HTTPS uses the TLS method to encrypt the data. TLS uses a technology called public key Cryptography there are two keys, a public key, and a private key. the public key is shared with clients or browsers via the server SSL certificate when a client opens a connection with the server, the two devices use a public and private key to generate a new key called a session key. Further communications between them all HTTP requests and responses are then encrypted with this session key. If anyone intercepts the communication can only see random strings of characters, not plain text. so that is how HTTPS secures our communication.