HTTP (Hyper Text Transfer Protocol) is the protocol that powers the web as we know it.
It sits on top of TCP, which sits on top of IP.
Web pages can either use HTTP or HTTPS (Hyper Text Transfer Protocol Secure).
How are they different? And, why is now HTTP being marked as non-secure by Chrome?
When you request an HTTP page from a server, the data goes through many different networks, each controlled by a separate company or entity.
Starting from the WiFi router, which might be owned by the coffee shop or by the city public network infrastructure, every single node in the network can see the request and the response, and modify it in any way.
They might inject ads, they might inject malware, they might log any credentials you enter. A server in the middle can play as a man-in-the-middle, sending compromised information.
This also applies to any internet protocol that’s not secured.
HTTPS traffic is end-to-end encrypted, and this means there is nothing in between that can read the information exchanged between you and the server at the other side of the network.
By default, HTTP is served on port 80, while HTTPS is served on port 443. Those are the default ports, but a web server can choose to serve content on a different, random port, in which case you need to specify it in the address bar:
Is HTTPS slower?
No! It’s the opposite.
There is a myth around page speed. People think that the TLS handshake required for HTTPS is making page speed slower, but in reality, an HTTPS page can load up way, way faster than HTTP.
Why? Because of HTTP/2, the newest version of the HTTP protocol. HTTP/2 can serve requests in parallel, and requires a secure connection, so if your server uses a modern Web Server, which supports HTTP/2, then your web pages are going to have a significant speed bump when using HTTPS.
HTTP/2 introduces better parallelism, multiplexing, and compression, and that is an awesome update to HTTP.
See this page for an example: <https://www.httpvshttps.com/> and <https://www.troyhunt.com/i-wanna-go-fast-https-massive-speed-advantage/>
Does HTTPS affect SEO?
In particular, Google says HTTPS is going to give you an advantage in SEO terms.
Also, Google is going to officially mark HTTP sites as non-secure in its Chrome browser, and this is clearly an indication that if you care what Google wants, and you want to take advantage of that, you should switch to HTTPS, as soon as possible. The best possible time would have been 3 years ago, the next best time is today.
Is HTTPS difficult to implement?
Not at all. Thanks to free SSL certificates provided by Let’s Encrypt, the push for HTTPS had a huge impact and how every decent hosting provider is implementing it for free on all the accounts. Thanks to this, in 2018 HTTPS connections were more than the HTTP connections.
In the past having an SSL certificate for your site was a premium option that few were willing to purchase for a regular site, that was not making money or didn’t process user data.
Nowadays there’s no excuse.
More network tutorials:
- Introduction to WebSockets
- How HTTP requests work
- The HTTP Request Headers List
- The HTTP Response Headers List
- HTTP vs HTTPS
- What is an RFC?
- The HTTP protocol
- The HTTPS protocol
- The curl guide to HTTP requests
- Caching in HTTP
- The HTTP Status Codes List
- What is a CDN?
- The HTTP/2 protocol
- What is a port
- DNS, Domain Name System
- The TCP Protocol
- The UDP Protocol
- An introduction to REST APIs
- How to install a local SSL certificate in macOS
- How to generate a local SSL certificate
- How to configure Nginx for HTTPS
- A simple nginx reverse proxy for serving multiple Node.js apps from subfolders
- What is a reverse proxy?