HTTP & HTTPS: What is the difference?


You don’t need Sherlock Holmes’s deduction abilities to know what the F is the S in HTTPS. But if you do find yourself wondering, this blog is for you.

TL;DR – S is for Secure.


Let’s first tackle HTTP. HTTP stands for “HyperText Transfer Protocol” and it enables data communication on the internet. Let’s try and break it down further. When you type a web address in your browser, you must have noticed this:

Now when you hit enter to access the URL you have typed in, it’s this HTTP that carries the web address to the World Wide Web and looks up the URL to access all the files and resources related to that webpage. Once the background search is completed, the tirelessly working HTTP brings the results to your screen. This process is repeated every time you click a link, access a new webpage or watch a YouTube video. To summarize, HTTP delivers data and all files (HTML, images, queries, etc.) on the World Wide Web.

And now we introduce you to the cool cousin of HTTP – “HTTPS”


HTTPS has been around since the very beginning of the internet. It has not received its fair share of attention until recently, but that does not undermine the role it plays. As we learnt earlier, S stands for secure. This means that HTTPS has a wider role than HTTP. HTTPS not only communicates with the WWW or the internet, it also makes sure that all the communications are encrypted or “Secure”.

Until recently, HTTPS was primarily used by websites that handle money: e-commerce websites, banks, shopping carts, etc. But lately, that criterion no longer holds. Websites like Twitter, Medium and Reddit, whose data is almost all public, have gone the HTTPS way. While your tweets and Reddit posts are publicly available, you wouldn’t want your username and password to be accessible to someone sniffing around the web. HTTPS ensures that the connection is secure from any interloper looking to access your personal information, a government trying to censor what you see or hackers trying to insert a piece of code aimed at compromising your data security.

As per Google’s latest count (report), more than half of the world is using HTTPS. While it is a win, there has never been a more critical time for data privacy. You would think that, with the growing popularity of and need for HTTPS, some of the larger websites would have gone the HTTPS way. Well, think again and be prepared to be surprised. Recognize any?

You can see the complete list here. This list may look pretty harmless, but let me assure you there is more to it than meets the eye. BBC, CNN, Mirror and DailyMail, four well-known news sites, are still using HTTP. If you are wondering why news websites need HTTPS, read this:

What you read or access on the internet can tell a lot about you. When this information is collated, it is child’s play to put together a complete human profile. Your interests, preferences, likes, dislikes and affiliations are private no more. In such a scenario, spoofing, government snooping or censoring of the content that you access can be avoided by accessing content over HTTPS.

In short, HTTPS helps ensure:
1. The website you are accessing is Authentic and not a spoof or a phishing link.
2. The connection is Encrypted and the metadata like URLs, search queries, etc. are obscured and hence confidential.
3. The content that you are accessing has not been tampered with and hence the Integrity of the data is maintained.

Do I need HTTPS on my Blog/Website?
If you have a digital presence, you need HTTPS. If you want a steady stream of visitors, you need HTTPS. If you want to ensure your website doesn’t seem shady or insecure, you need HTTPS.

Back in 2014, Google announced that it would start using HTTPS as a ranking signal. While the weightage currently attributed to HTTPS is not as high as that of high-quality content, nor a replacement for it, it is slated to increase over time. This means that the SEO traffic to your blog/website from Google will be impacted by the presence or lack of HTTPS. Since then, many encrypted sites have experienced a boost in rankings as compared to their unencrypted counterparts.

SEO benefits aside, the integrity of the content shared on your blog/website is your responsibility. If content is inserted or edited before it reaches your users, the impact on your brand’s value cannot be ignored.
Read more here.

Since Google’s announcement about incentivizing HTTPS sites, not much has changed over time. No wonder Google has now changed its strategy from incentivizing HTTPS sites to penalizing non-HTTPS sites. Earlier, you could get away with a polite information mark stating “Your connection to this site is not secure”, but now major browsers like Google and Firefox have started shaming non-HTTPS sites. So unless you want your website to be publicly shamed, there is no reason whatsoever not to get a certificate for your website.

If you are still wondering whether your site needs HTTPS, check out this website – https://doesmysiteneedhttps.com/.
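
Once a certificate is in place, visitors only get the encryption and integrity guarantees listed above if plain-HTTP requests are redirected to HTTPS and the secure page pulls in no plain-HTTP subresources. The sketch below is an added example, not part of the original post, that checks both from captured responses; the function names, hostnames and sample page are constructed for illustration.

```python
# Added example, not from the original post. All sample data is constructed.
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Tags whose URL attribute makes the browser fetch a subresource.
SUBRESOURCE_ATTRS = {"script": "src", "img": "src", "iframe": "src",
                     "audio": "src", "video": "src", "link": "href"}

class MixedContentFinder(HTMLParser):
    """Collect subresources that an HTTPS page would load over plain HTTP."""
    def __init__(self):
        super().__init__()
        self.insecure = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "link" and "stylesheet" not in (a.get("rel") or "").lower():
            return  # rel=canonical and similar are not fetched as subresources
        url = a.get(SUBRESOURCE_ATTRS.get(tag, "")) or ""
        if url.lower().startswith("http://"):
            self.insecure.append((tag, url))

def redirects_to_https(status, headers, host):
    """True if the plain-HTTP response permanently redirects to HTTPS on host.
    Assumes the header names in `headers` are already lower-cased."""
    target = urlsplit(headers.get("location", ""))
    return (status in (301, 308) and target.scheme == "https"
            and target.hostname == host)

def audit(host, http_status, http_headers, https_body):
    """Run both checks for one site and return the findings."""
    finder = MixedContentFinder()
    finder.feed(https_body)
    return {"http_redirects_to_https":
                redirects_to_https(http_status, http_headers, host),
            "mixed_content": finder.insecure}

# Constructed page: served over HTTPS, yet it embeds a script and an image
# over plain HTTP, which anyone on the network path could modify.
SAMPLE_BODY = """<html><head>
<link rel="canonical" href="http://blog.example/">
<script src="http://cdn.example/widget.js"></script></head>
<body><img src="http://blog.example/logo.png">
<a href="http://other.example/">plain links are navigation, not subresources</a>
</body></html>"""

if __name__ == "__main__":
    print(audit("blog.example", 301, {"location": "https://blog.example/"}, SAMPLE_BODY))
```

An empty `mixed_content` list together with `http_redirects_to_https: True` is the result to aim for.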

May the encryption be with you!

Next Steps:
If you wish to deep dive into the world of HTTPS, here is a small list of resources to help you further your knowledge.
•    Federal government adoption of HTTPS
•    EFF — How to deploy HTTPS correctly
•    Mozilla — Security/Guidelines/Web Security
•    Ivan Ristic’s Bulletproof SSL and TLS
•    Google Developer’s Blog — Enabling HTTPS on Your Servers
•    Let’s Encrypt