Webmaster Sun Login
Not a member yet? Sign up

Http vs. Https: What is the difference?

  • HOME
  • FORUMS
  • WHAT'S NEW
  • BLOGS
  • MARKETPLACE
  • ADVERTISING
  • SPECIAL OFFERS
  • WEB HOSTING
  • QUICK MENU
  • REGISTER HERE - Join us for FREE
Page 1 of 2 12 LastLast
Results 1 to 25 of 26
    Stick this thread
  1. #1
    Join Date
    Nov 2012
    Posts
    149
    Thumbs Up/Down
    Received: 0/0
    Given: 25/0
    Thanks
    33
    Thanked 5 Times in 5 Posts

    Http vs. Https: What is the difference?

    Hello webmasters,

    Can you show me pros and cons of Http vs. Https ? I know https is more secure but why it is then I didn't know.

    If possible, plz show me what is the difference between Http vs. Https?

    Thanks
    David

  2. #2
    Join Date
    Jan 2014
    Posts
    5
    Thumbs Up/Down
    Received: 1/0
    Given: 0/0
    Thanks
    0
    Thanked 0 Times in 0 Posts
    As a quick look of this comparison;
    HTTPS protocol uses SSL, Secured layer. so your data is crypted before sending. If anybody tries to read the data, they will see crypto.

  3. #3
    Join Date
    Mar 2015
    Posts
    25
    Thumbs Up/Down
    Received: 1/0
    Given: 0/0
    Thanks
    3
    Thanked 8 Times in 7 Posts
    Now when Google is ranking HTTPS slightly better it is a good idea to get a SSL cert for your sites. It is not that expensive either nowdays.

  4. #4
    Join Date
    Mar 2015
    Location
    United States
    Posts
    182
    Thumbs Up/Down
    Received: 5/0
    Given: 0/0
    Thanks
    8
    Thanked 83 Times in 59 Posts
    Basically, whilst slightly slower, SSL will add a layer of security on any transmissions to and from your web server to your visitor. It's essential for any e-commerce website, where transactions are made, for example. There are also several layers of SSL, where some provide a stronger encryption than others. When offering credit card payment through a website (for example), you'll want an SSL certificate with extended validation - as these are stronger cryptos for one, and also ensures your visitor they are dealing with the actual company, as these certificates are not handed out without authorization by the certificate authority.

    That's a long story short - but the main point is that it's a good thing to have your website using HTTPS, and it makes life a tad bit more difficult for evil-doers. You can secure a domain with SSL for about $10'ish per year nowadays (and soon free, once Let's Encrypt is launched).

  5. The Following User Says Thank You to MightWeb For This Useful Post:
    lawrencegordon (04-28-2015)

  6. #5
    Join Date
    Nov 2014
    Location
    Chilliwack, BC
    Posts
    622
    Thumbs Up/Down
    Received: 28/0
    Given: 0/0
    Thanks
    36
    Thanked 294 Times in 205 Posts
    Quote Originally Posted by MightWeb View Post
    Basically, whilst slightly slower, SSL will add a layer of security on any transmissions to and from your web server to your visitor. It's essential for any e-commerce website, where transactions are made, for example. There are also several layers of SSL, where some provide a stronger encryption than others. When offering credit card payment through a website (for example), you'll want an SSL certificate with extended validation - as these are stronger cryptos for one, and also ensures your visitor they are dealing with the actual company, as these certificates are not handed out without authorization by the certificate authority.

    That's a long story short - but the main point is that it's a good thing to have your website using HTTPS, and it makes life a tad bit more difficult for evil-doers. You can secure a domain with SSL for about $10'ish per year nowadays (and soon free, once Let's Encrypt is launched).
    I just looked into Let's Encrypt, and I don't think in my opinion that it would be a viable solution. From what I can tell, Mozilla is the only browser that would trust the certificates, which really limits things. I may be wrong of course.

    Anybody can generate a certificate using OpenSSL, however, what you actually pay for is the signing authority that has partnered with browsers, software companies and payment processors to provide a level of trust. Sure, a $10 certificate will provide some security, however $150 a year for an EV-SSL will show a huge amount more trust with not only customers, but once again, your payment processors. Personally (and I am not the only person), I don't trust websites that use domain validated certificates. Anybody can get them, no verification of the business being valid and registered. Also, PCI compliance is another big thing in the eCommerce world.

  7. #6
    Join Date
    Mar 2015
    Posts
    31
    Thumbs Up/Down
    Received: 0/0
    Given: 1/0
    Thanks
    22
    Thanked 3 Times in 2 Posts
    Quote Originally Posted by MightWeb View Post
    Basically, whilst slightly slower, SSL will add a layer of security on any transmissions to and from your web server to your visitor. It's essential for any e-commerce website, where transactions are made, for example. There are also several layers of SSL, where some provide a stronger encryption than others. When offering credit card payment through a website (for example), you'll want an SSL certificate with extended validation - as these are stronger cryptos for one, and also ensures your visitor they are dealing with the actual company, as these certificates are not handed out without authorization by the certificate authority.
    Perhaps, because of this G loved sites that having SSL, it makes more trustworthy than sites without SSL but I don't see more diffidence when checking on search resutls for sites SSL and non SSL.

  8. #7
    Join Date
    May 2015
    Posts
    87
    Thumbs Up/Down
    Received: 2/0
    Given: 0/0
    Thanks
    15
    Thanked 15 Times in 14 Posts
    These websites secure your data. It is important to check when you are making a purchase that the site is HTTPS, so that you know that you are on a site with SSL and it will protect your data.

  9. #8
    Join Date
    Feb 2016
    Posts
    31
    Thumbs Up/Down
    Received: 15/0
    Given: 6/0
    Thanks
    0
    Thanked 2 Times in 2 Posts
    (HTTP) HyperText Transfer Protocol
    (HTTPS) HyperText Transfer Protocol Secure

    Using HTTPS, the computers agree on a "code" between them, and then they scramble the messages using that "code" so that no one in between can read them. This keeps your information safe from hackers.

    For This you need to install SSL in your server for your Domain

    SSL encrypts the connection between your computer and users/Google/Any Search Engine. This helps prevent others, like Internet cafes, Internet Service Providers, and Wi-Fi hotspots, from seeing users activity, login, and any other activity and important information.

    There is most and latest Update that encourage you to use SSL is Google Starts Giving A Ranking Boost To Secure HTTPS/SSL Sites. More detail you can google..

    Cheers

  10. #9
    Join Date
    Dec 2015
    Location
    W/ Sussex UK
    Posts
    497
    Thumbs Up/Down
    Received: 295/3
    Given: 87/8
    Thanks
    20
    Thanked 136 Times in 97 Posts
    Quote Originally Posted by mido View Post
    Now when Google is ranking HTTPS slightly better it is a good idea to get a SSL cert for your sites. It is not that expensive either nowdays.
    https only accounts for about 1% of your overall SEO score as considered by Google. Getting an SSL certificate for your site is no way a guarantee that Google will rank your site higher because of it. You have to get the other 99% of your SEO score up for that to happen. It's like having an an XML sitemap, just one part of your on-page SEO. You still need great content, usability and structure.

    Having an SSL cert on your site can install confidence in your sites users/buyers.

    Anything shared/transmitted on that site or from that site is securely encoded so that nobody can see/sniff that data.

    But does your site need an SSL?

    Not all sites need them. Example; wallpaper sites, or sites that don't require the transmission of any sensitive, private data like names, addresses, credit/debit card, bank details etc.

    However, if your site provides login ability, and transmits any of these kinds of sensitive information, payment info etc, then your site definitely needs an SSL certificate.

    It's just the standard thing today.

    But you might not necessarily want to use SSL all over your site.

    You can offer your browsers/readers/visitors the http version of your site.

    Then have it switch automatically to using SSL (https) for those that signup/login/checkout etc.

  11. #10
    Join Date
    Jan 2016
    Posts
    467
    Blog Entries
    1
    Thumbs Up/Down
    Received: 115/0
    Given: 32/0
    Thanks
    22
    Thanked 54 Times in 42 Posts
    SSL stripping can still be done and although it's a good idea to secure your site by adding layers like this, its better to secure it in the scripting itself. SSL is only a slight security advantage and any one actually interested in hacking your site knows the best method of security is a strong password and 256 bit encryption.

    Encryption like MD5 for example is pretty weak and there are automated programs which can easily brute force or dictionary attack these.

    SQL injection is one other method which can bypass SSL security. So your main benefit is a marginal SEO bump and keeping the script kiddies at bay. It also gives your customers a sense of trust with their visual green bar and lock.

  12. #11
    Join Date
    May 2016
    Posts
    22
    Thumbs Up/Down
    Received: 11/0
    Given: 0/0
    Thanks
    0
    Thanked 0 Times in 0 Posts
    If your website has an integrated Payment gateway, HTTPS is essential. The speed difference is not large enough for a user to notice and search engine's prefer the secure connection so you don't need to worry about being penalized for the slightly slower load times.

  13. #12
    Join Date
    Apr 2016
    Location
    Cloud 9 ;)
    Posts
    109
    Thumbs Up/Down
    Received: 56/0
    Given: 3/0
    Thanks
    0
    Thanked 22 Times in 18 Posts
    HTTPS is recommended for eCommerce activity. If your website doesn't involve transactions, then it's not an absolute necessity. You do have to pay annual fee for an SSL certificate to be installed on your website for HTTP to become HTTPS, so examine your website's purpose and ask yourself, does it really need it.

  14. The Following User Says Thank You to WebmasterPhil For This Useful Post:
    DavidLux (11-27-2018)

  15. #13
    Join Date
    Apr 2016
    Location
    Wildwood, GA
    Posts
    41
    Thumbs Up/Down
    Received: 17/0
    Given: 11/0
    Thanks
    5
    Thanked 5 Times in 5 Posts
    PROS
    You get a slight SEO boost
    It shows visitors that you are serious
    It makes hacking more difficult closing some doors hackers use
    It is required if you are handling credit card payments on your site
    Any secure sites that want to post your content (exa: banner code you provide them) will have issues
    The referrer header is lost when going from an SSL site to a non SSL site. It works fine the other way around. So if you don't have SSL you won't know as much about where your visitors are coming from.
    If you have optin forms (whether for member login or for capturing leads) it is a good idea and browsers are starting to throw warnings if you have forms and don't have SSL.

    CONS
    Slows down page load VERY slightly
    Costs money
    When it expires it will throw an error message if you don't remove it or renew it (so if you don't use the site and "forget" about it your site would be down. I've seen this issue too many times).
    It needs a dedicated IP which in most cases means more money and time to setup

    NOTES
    It's getting cheaper and easier to do SSL than it was in the past. In the future you may see more and more penalties for not having SSL. Below is the error I see in the console when visiting a page that has a password field and no SSL:
    Password fields present in a form with an insecure (http://) form action. This is a security risk that allows user login credentials to be stolen.

    I also see indications of warnings on other forms (like in developer tools the URL is red when doing a form and it's not using SSL).

    Also, nearly all the big sites are forcing SSL connections for their sites. I wouldn't be surprised if big sites like Facebook start also showing preference to posts linking to secure sites.

    I think most websites have it backwards. They pay to have privacy (decreasing a visitors trust) and they don't pay to use SSL.

    In short, in my opinion if your site is worth more than a couple hundred dollars than SSL is worth it.

  16. #14
    Join Date
    Dec 2015
    Location
    Santa Rosa, CA
    Posts
    31
    Thumbs Up/Down
    Received: 2/0
    Given: 1/0
    Thanks
    3
    Thanked 6 Times in 6 Posts
    HTTP stands for Hyper Text Transfer Protocol. The thing is being cleared that HTTPS is a secure version of the HTTP protocol.

    The Disadvantages Of HTTPS

    It uses a lot of server resouces
    Browser Caching Won’t Work Properly
    HTTPS Introduces Latencies
    The Mixed Modes Issue
    Proxy Caching Problems


    The Advantages Of HTTPS

    Identity Verification
    Data Integrity
    SEO
    Trust

  17. #15
    Join Date
    Jan 2016
    Posts
    467
    Blog Entries
    1
    Thumbs Up/Down
    Received: 115/0
    Given: 32/0
    Thanks
    22
    Thanked 54 Times in 42 Posts
    Quote Originally Posted by RebeccaDooley View Post
    HTTP stands for Hyper Text Transfer Protocol. The thing is being cleared that HTTPS is a secure version of the HTTP protocol.

    The Disadvantages Of HTTPS

    It uses a lot of server resouces
    Browser Caching Won’t Work Properly
    HTTPS Introduces Latencies
    The Mixed Modes Issue
    Proxy Caching Problems
    I wouldn't necessarily say that the resources it uses are all that laborious considering the problem it solves, even though you're technically correct. Most people's internet connections are robust enough now where the extra processing it does is worth the added security benefit.

    To me it's mostly a trust badge. Your data on the internet is always vulnerable. The only difference is how vulnerable.

  18. #16
    Join Date
    Aug 2016
    Location
    France
    Posts
    74
    Thumbs Up/Down
    Received: 18/0
    Given: 10/0
    Thanks
    7
    Thanked 11 Times in 10 Posts
    Quote Originally Posted by RebeccaDooley View Post
    HTTP stands for Hyper Text Transfer Protocol. The thing is being cleared that HTTPS is a secure version of the HTTP protocol.

    The Disadvantages Of HTTPS

    It uses a lot of server resouces
    Browser Caching Won’t Work Properly
    HTTPS Introduces Latencies
    The Mixed Modes Issue
    Proxy Caching Problems


    The Advantages Of HTTPS

    Identity Verification
    Data Integrity
    SEO
    Trust
    HTTPS doesn't use more server resources, and the browser caching work properly with SSL/TLS.
    There is a latency during the first connection due to SSL handshake but using the HSTS (HTTP Strict Transport Security) header, you will allow browser to create cache and the next connections will not be impacted by the latency.
    The Mixed content issue could be quickly fixed, you just have to check what resources are loaded in http.

    You have also to consider SSL certificate is totally free now (letsencrypt, cloudflare, startssl etc ...), only EV certificates need to be paid.
    And the biggest advantage of using HTTPS is the new Protocol HTTP2 :

    https://www.cloudflare.com/http2/what-is-http2/

  19. #17
    Join Date
    Nov 2015
    Location
    Saint Louis, MO USA
    Posts
    207
    Thumbs Up/Down
    Received: 55/0
    Given: 45/0
    Thanks
    35
    Thanked 36 Times in 30 Posts
    Google just released a statement on September 8th, outlining their timeframe to start marking HTTP sites unsecure. If you don't already have HTTPS enabled, you might want to get on the ball.

  20. #18
    Join Date
    Dec 2016
    Posts
    21
    Thumbs Up/Down
    Received: 11/0
    Given: 1/0
    Thanks
    0
    Thanked 2 Times in 2 Posts
    HTTP stands for HyperText Transfer Protocol's (transfer protocol hypertext). This is an application protocol of the TCP / IP (including a group of platforms for internet protocol).

    HTTP-based activity model Client - Server. In this model, the user's computer will act as the client (Client). After a certain manipulation of the user, the client sends a request to the server (Server) and wait for the answer from this server. To be able to talk to each other, the server and client must be done through the exchange of protocol. One of the protocols used most often is HTTP.
    Is used so widely as contained in its HTTP but not at the point of restriction. As you proceed to make the access a Web site through the HTTP protocol, the browser will execute the connection to the Server version of the Web site through the IP address by domain name resolution system DNS provider.

    In the process of connecting and exchanging information, your browser will automatically acknowledges that IP address from the server of the website that you want to access without authentication measures. The information is transferred via the HTTP protocol (including your IP address, the information you input on the Website ...) he will not be encrypted and secure.

    This leads to the risk of your connection session to the server of the website may be "eavesdropping", or your access to be redirected to a Web page posing with original design which is identical Website users unaware.

    If you regularly use the online banking service, you will find the address when accessing the bank's domain name, protocol it uses HTTPS instead of HTTP will be at the site as usual. This is because, the upgraded version of HTTP HTTPS is used to enhance the security capabilities of information after each access.

    HTTPS is the abbreviation for "Hypertext Transfer Protocol Secure". This is a combination of HTTP and SSL security protocol or TLS. HTTPS makes exchange information securely over the Internet.

    Unlike HTTP, HTTPS authentication will support the legitimacy of the Website where users access through secure authentication checks (security certificate). The authentication security is provided and verified by the CA (Certificate Authority) is reputable. With the authentication from the CA, the user can know that we have the right access to the Website to access a Web site rather than any other pretending.

    Besides, the session connection between your browser to the server will be encrypted. This will help hide your IP address and input information about your account on the Website from the gaze of the hacker. HTTPS does not bring 100% secure. However, this is an effective security measure instead of using the traditional HTTP protocol risky capital available.

    Hope this helps!

  21. #19
    Join Date
    Aug 2015
    Posts
    55
    Thumbs Up/Down
    Received: 14/1
    Given: 10/0
    Thanks
    0
    Thanked 3 Times in 3 Posts
    http:// and https://
    The http:// is the HyperText Transfer Protocol - basic transfer protocol based on TCP / IP. You can see our forum: webmastersun.com is now using http.
    The https:// is the secured/encrypted transfer protocol - more secure than http:// because all the data transfered is encrypted with SSL. https:you can see google.com, yahoo.com, microsoft.com for example.

  22. #20
    Join Date
    Jul 2018
    Posts
    25
    Thumbs Up/Down
    Received: 1/0
    Given: 0/0
    Thanks
    0
    Thanked 1 Time in 1 Post
    HTTPS is the secure version of HTTP, which means that all communications between the browser and the website are encrypted. Especially if you are running an online business, you definitely need it, because your website with HTTPS means secure and trusted, your visitors fell safe on your website. Additionally, Google ranks higher HTTPS site because HTTPS is a reference factor in search ranking algorithms.

  23. #21
    Join Date
    Sep 2018
    Location
    Manchester
    Posts
    27
    Thumbs Up/Down
    Received: 0/0
    Given: 0/0
    Thanks
    6
    Thanked 0 Times in 0 Posts
    Http means Hyper Text Transfer Protocol. It enables internet clients to exchanging data like picture, content, video, music, realistic and different documents on site pages. Http is essentially used to get to html pages and furthermore different assets can be open utilizing HTTP. HTTPS means Hypertext Transfer Protocol Secure. HTTPS is a convention which utilizes an encoded HTTP association by transport-layer security. At times, the customers might trade private data with a server, which should be anchored for keeping some hacking issue. Therefore, HTTPS was created by Netscape Corporation to permit approval and anchored exchanges.

  24. #22
    Join Date
    Nov 2018
    Posts
    9
    Thumbs Up/Down
    Received: 1/0
    Given: 1/0
    Thanks
    0
    Thanked 1 Time in 1 Post
    The difference if everything.
    Unsecured websites are a dead end.(obsolete, not to be trusted)
    You have to go HTTPS

    The sooner the better

  25. #23
    Join Date
    Nov 2012
    Posts
    149
    Thumbs Up/Down
    Received: 0/0
    Given: 25/0
    Thanks
    33
    Thanked 5 Times in 5 Posts
    Quote Originally Posted by Mike_Brown View Post
    If your website has an integrated Payment gateway, HTTPS is essential. The speed difference is not large enough for a user to notice and search engine's prefer the secure connection so you don't need to worry about being penalized for the slightly slower load times.
    You are right, I read more about this, I also had an eCommerce website and I moved it to HTTPS, everything seems to be good now. The problem is, I only know HTTPS help my site better secure but how does it work and why it is making websites secure then maybe i need go to into details further.

  26. #24
    Join Date
    Jan 2019
    Posts
    17
    Thumbs Up/Down
    Received: 0/0
    Given: 0/0
    Thanks
    1
    Thanked 0 Times in 0 Posts
    Google has marked https as a factor when ranking your site in SERP(search engien results page). Plus, poplular browsers like Chrome, Firefox show a http site as insecure in the address bar, which will give it's visitors a sense of insecurity.

  27. #25
    Join Date
    Feb 2019
    Posts
    46
    Thumbs Up/Down
    Received: 4/0
    Given: 25/0
    Thanks
    0
    Thanked 2 Times in 2 Posts
    Https and the s stands for secure.
    This is good for sites that sell products and services that tell the customers that the connection is secure and that no malicious activity would take place.
    This is to help customers understand that safety of your site.
    Adds that extra professionalism to it.

Newer Threads

  1. DavidLux
    glennyjoycelyn
    Replies: 4 | Views: 2247
    Last post by glennyjoycelyn, 01-27-2014, 01:17 PM
  2. Jack London
    arronmattwills
    Replies: 1 | Views: 2009
    Last post by arronmattwills, 01-09-2014, 10:12 AM
  3. Jack London
    ClearEyes
    Replies: 1 | Views: 1695
    Last post by ClearEyes, 12-29-2013, 10:01 PM
  4. RobertMore
    RobertMore
    Replies: 0 | Views: 1101
    Last post by RobertMore, 12-29-2013, 11:14 AM
  5. RobertMore
    hudafaeq
    Replies: 9 | Views: 2365
    Last post by hudafaeq, 06-10-2014, 11:12 AM

Older Threads

  1. DavidLux
    sribharath
    Replies: 9 | Views: 3332
    Last post by sribharath, 02-04-2014, 10:55 AM
  2. arronmattwills
    BloodMaster
    Replies: 3 | Views: 2824
    Last post by BloodMaster, 12-30-2013, 07:02 AM
  3. Mr.Bin
    Hosting features
    By Mr.Bin in forum Web Hosting
    aronmatt3
    Replies: 8 | Views: 2592
    Last post by aronmatt3, 04-02-2014, 03:40 PM
  4. fromrachel
    Mompreneur
    Replies: 32 | Views: 7327
    Last post by Mompreneur, 12-17-2014, 02:23 PM
  5. valentina24
    psavsnacks
    Replies: 13 | Views: 5216
    Last post by psavsnacks, 03-11-2014, 11:40 AM

Latest Threads

  1. Marc van Leeuwen
    Goyum
    Replies: 3 | Views: 101
    Last post by Goyum, 02-13-2019, 07:51 AM
  2. ethelglover
    ravva
    Replies: 9 | Views: 75
    Last post by ravva, Today, 06:30 AM
  3. RyanChapman
    LearnTheNew
    Replies: 7 | Views: 117
    Last post by LearnTheNew, 02-13-2019, 06:20 AM
  4. ethelglover
    LearnTheNew
    Replies: 5 | Views: 108
    Last post by LearnTheNew, Yesterday, 05:16 AM
  5. tanikacampos
    RyanChapman
    Replies: 6 | Views: 156
    Last post by RyanChapman, 02-14-2019, 10:32 AM

Similar Threads

  1. Jovani
    Alex Thompson
    Replies: 1 | Views: 2314
    Last post by Alex Thompson, 09-29-2014, 10:33 AM
  2. sanusense
    vaneetagoswami
    Replies: 4 | Views: 2576
    Last post by vaneetagoswami, 08-21-2014, 06:25 AM
  3. axissoftech
    NicholasM
    Replies: 3 | Views: 1653
    Last post by NicholasM, 08-12-2014, 10:58 AM
  4. anamika78
    fastreplies
    Replies: 8 | Views: 3179
    Last post by fastreplies, 05-16-2014, 06:05 PM
  5. jdunhin
    zocipro
    Replies: 2 | Views: 2136
    Last post by zocipro, 04-01-2013, 05:05 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Internet Marketing Forum

Webmaster Sun is a forum where you’ll find in-depth discussions and resources to help you succeed on the web whether you are new or experienced. You’ll find it all here. With topics ranging from internet marketing, search engine optimization, social networking, make money online, web hosting, affiliate marketing as well as hands-on technical support for web design, programming and more. We are a growing community of like-minded people that is keen to help and support each other with ambitions and online endeavors. Learn and grow, make friends and contacts for life.

Come Hang Out With Us

    Facebook Twitter Webmaster Forum Google+

    Webmaster Sun Logo
Copyright ©2012 - 2019, WebmasterSun.com. All rights reserved. Internet marketing forum for internet marketers, webmasters, web hosting providers, designers and affiliate marketers.

Welcome to Webmaster Sun

The World's Number 1 Webmaster Community, SEO and Marketplace

Log in!

Continue with Facebook
Continue With Email. By signing up you indicate that you have read and agree to the Terms of Service and Privacy Policy.

Sign in Manually

Need an account? Sign up now!