Home > Tech Explained

MTE Explains: The Difference Between HTTP and HTTPS

By Laura Tucker

It used to be easy to write down a web address. We knew the beginning of the address, sometimes called a URL, was always “h-t-t-p, colon, forwardslash, forwardslash, w-w-w.” But that slowly started to change. Not only did we sometimes lose the “www” in the URL, but we also started to sometimes see “https” instead of “http.”

What is the difference between HTTP and HTTPS, and how do we know which one we should be typing in when we’re going to an address, if all we know is the part after “www?” If we navigate to a site and the HTTP changes to HTTPS all on its own, what does this mean?

The differences between HTTP and HTTPS

Let’s first examine what HTTP is. It’s an acronym for “Hyper Text Transfer Protocol” and is basically the protocol used to communicate with websites. As you type in the URL into your web browser, it then “talks” to the server utilized by the website and allows you access. Many times, you can just put the site name with the “.com,” “.org,” etc., and your web browser will autofill the rest of the address for you with the rest of the URL.

HTTPS-HTTP-differences

The problem with HTTP is that the communication isn’t necessarily completely private or secure. Information you provide to a website, such as contact or financial information, could be intercepted by a third party. If you are on amazon.com or paypal.com, you want to be sure that the information you share won’t be picked up by anyone else. What you need is a site that is more secure.

This is exactly what the S stands for in HTTPS, or “secure HTTP.” The S stands for “secure.” It’s not a completely different protocol. Instead it’s a layering effect. The HTTP is layered on top of the SSL/TLS (Secured Socket Layer/Transport Layer Security) to create a larger security for you. It will authenticate the site so that you know you are dealing with a site that is who they say the they are and will also encrypt the data.

HTTPS-HTTPAmazon

Let’s go back to Amazon.com. When I enter “amazon.com” into my web browser, it automatically fills in the rest, including recognizing me and my account and signing me in. When I’m just browsing around the store, I don’t need any more protocol other than HTTP. I’m not providing any information about myself.

HTTPS-HTTPSAmazon

However, if I am going to get into my actual account to either edit information or purchase an item, it includes not only my address, but my credit card information, so I want it to be more secure. Once I click on my account, it automatically switches on its own to an HTTPS where I know it will be more secure. I know my information is safe here, or should I say safer?

How secure is HTTPS

The HTTPS protocol is supposedly secured, but it doesn’t necessarily mean you are completely safe. In some occasion, the site owners might not have implemented HTTPS correctly, or that the signing certificate is expired/invalid. In addition, being on HTTPS doesn’t mean it is a legitimate site. It could be a phishing or hacking site that looks exactly like amazon.com or paypal.com. In these cases, you have to use your own judgement whether the site can be trusted or not.

How to check if a site has implemented HTTPS correctly?

If you are using a recent build of the web browser, regardless if it is Firefox, Chrome, IE or Safari, you should be able to view the HTTPS status of the site from the URL bar.

In Firefox, when you access a HTTPS site, you will see a padlock beside the URL. Click on it and you will see the status of the signing certificate.

HTTPS-verify-encryption-certificate

From here, you can see who provides the signing certificate (in this case, Verisign) and whether it is implemented correctly to prevent eavesdropping.

In Chrome, you can see even more detail about the connection and how secure it is.

HTTPS-chrome-encryption-certificate

If there is an error with the certificate, or that the provider source is not verified, this is what you will see on screen:

HTTPS-firefox-invalid-certificate

You can then decide if you want to “Add Exception” and continue, or to leave the site.

Conclusion

During this holiday where you purchase all your gifts and presents online, it pays to be more attentive to the security of the site and whether the credit card you are sending over is encrypted or not. Hopefully this article has helped you understand better the differences between HTTP and HTTPS and the things you need to look out on a supposedly secure site, and is indeed who they say they are.

Subscribe to our newsletter!

Our latest tutorials delivered straight to your inbox

Laura Tucker Avatar
Laura Tucker
Laura has spent more than 20 years writing news, reviews, and op-eds, with the majority of those years as an editor as well. She has exclusively used Apple products for the past 35 years. In addition to writing and editing at MTE, she also runs the site’s sponsored review program.

Read next

When Sony shipped the first Walkman in 1979, chairman Akio Morita insisted on a second headphone jack and a “hotline” talk button, convinced it would be rude for one person to listen to music alone — and within a few years buyers had ignored the sociable features so completely that Sony quietly dropped them
Russia still custom-builds the Soyuz return seats for ISS crew members using plaster casts taken weeks before launch, because astronauts grow as much as five centimetres taller during a long-duration stay and a seat moulded to their Earth-shaped spine would no longer fit the body that comes home
Close-up of a young adult using a smartphone outdoors, highlighting modern technology and connectivity.
The “CrackBerry” nickname stuck for a reason — and the variable-reward psychology that hooked early-2000s executives on their BlackBerrys is the exact same machinery now running every push notification on every smartphone in your pocket
In 1843, Ada Lovelace described a brass-and-punched-card engine that could act on symbols as well as numbers, even composing music if harmony could be reduced to rules, inside seven translator’s notes three times longer than the paper itself
Bright modern laboratory with computers and technical equipment for research and analysis.
ARPANET sent its first message on 29 October 1969 from a lab at UCLA to a machine at Stanford, and the message was supposed to read ‘LOGIN’ — but the system crashed after the L and the O, meaning the first word ever transmitted over the network that became the internet was, by accident, ‘LO’.
In 1995, Microsoft shipped a cartoon-house interface called Bob, led by Melinda French, who married Bill Gates while it was in development — it demanded twice the memory of a typical home PC, sold roughly 30,000 copies, and was dead within a year, leaving behind the font Comic Sans and the animated assistant that became Clippy.
Stunning underwater shot of tiger sharks swimming among fish in the ocean depths.
The Greenland shark grows about one centimetre a year, does not reach sexual maturity until around age 150, and a specimen carbon-dated by Danish researchers in 2016 was estimated to be at least 272 years old, meaning it was already swimming the North Atlantic when Mozart was composing symphonies.
A person using a smartphone with a green screen surrounded by fresh fruits and vegetables in the kitchen.
When Apple shipped iOS 12 in June 2018, a small feature called Screen Time slipped onto every iPhone with a counter nobody had quite prepared for — a tally of pickups — and within a day Tim Cook was telling CNN the number of times he picked up his own phone was simply too many