What Do HTTP and HTTPS Stand For?

HTTP vs. HTTPS: The differences matter

You're probably familiar with the https and http part of a URL. It's the first section of a URL before the FQDN, such as in https://www.lifewire.com. You probably notice that some websites use HTTPS while others use HTTP.

HTTP and HTTPS are both responsible for providing a channel where data can be transmitted between your device and a web server so that normal web browsing functions can take place.

The difference between HTTP and HTTPS is the s at the end of the latter. However, even though only one letter differentiates them, it's indicative of a huge difference in how they work at the core. In short, HTTPS is more secure and should be used at all times when secure data needs to be transferred, as in the case of logging into your bank's website, writing emails, sending files, etc.

Illustration of the difference between http and https
Lifewire / Colleen Tighe

So, what do HTTPS and HTTP mean? Are they really that different? Keep reading to learn more about these concepts, including what role they play in using the web and why one is far superior over the other.

What Does HTTP Mean?

HTTP stands for HyperText Transfer Protocol, and it's the network protocol used by the World Wide Web that lets you open web page links and jump from one page to the next across search engines and other websites.

In other words, HTTP provides a pathway for you to communicate with a web server. When you open a web page that uses HTTP, your web browser uses the HyperText Transfer Protocol (over port 80) to request the page from the web server. When the server receives and accepts the request, it uses the same protocol to send the page back to you.

This protocol is the foundation for large, multi-functioning, multi-input systems—like the web. The web as we know it wouldn't function without this bedrock of communication processes, as links rely on HTTP in order to work properly.

However, HTTP sends and receives data in plain text. This means that when you're on a website that uses HTTP, anyone listening in on the network can see everything that's being communicated between your browser and the server. This includes passwords, messages, files, etc.

HTTP describes how data is transmitted, not how it's displayed in a web browser. HTML is responsible for how web pages are formatted and shown in a browser.

What Does HTTPS Mean?

HTTPS is very similar to HTTP, with the key difference being that it is secure, which is what the s at the end of HTTPS stands for.

HyperText Transfer Protocol Secure uses a protocol called SSL (Secure Sockets Layer) or TLS (Transport Layer Security), which essentially wraps the data between your browser and the server in a secure, encrypted tunnel over port 443. This makes it much harder for packet sniffers to decipher, unlike HTTP.

TLS is the successor to SSL, but you might still hear HTTPS be referred to as HTTP over SSL.

TLS and SSL are especially useful when shopping online to keep financial data secure, but they're also used on any website that requires sensitive data (e.g., passwords, personal information, payment details).

Another benefit of HTTPS over HTTP is that it's much faster, meaning that web pages load quicker over HTTPS. The reason for this is because HTTPS is already understood to be secure, so no scanning or filtering of data has to take place, resulting in less data being transferred and ultimately quicker transfer times.

To see just how much faster the secure protocol is over the unencrypted one, use this HTTP vs. HTTPS test. In our tests, HTTPS consistently performed 60–80 percent faster.

The easiest way to know if the website you're on is using HTTPS is by looking for https in the URL. Most browsers put a lock icon to the left of the URL, too, to indicate that the connection is secure. In fact, in some browsers, you can select that icon to see a message like Connection is secure.

HTTPS Doesn't Protect Everything

As important as it is to use HTTPS whenever possible, and for website owners to implement HTTPS, there's a lot more to online security than just choosing a secure web page over an unsecured one.

For example, HTTPS doesn't help much in phishing cases where you're fooled into entering your password into a fake login form. The page itself may very well use HTTPS, but if on the receiving end of it is someone collecting your user information, the secure protocol was just the tunnel they used to do it.

You can also download malicious files over an HTTPS connection. Again, the connection protocol used to communicate with the web server doesn't speak at all about the data it's transferring. You could download malware all day over a secure channel; HTTPS will do nothing to stop it.

Something else to remember about web security in terms of HTTPS and HTTP is that the network protocol doesn't protect you from hacking or over-the-shoulder snooping. As obvious as it might seem, you still need to create strong passwords for your accounts—ones that are difficult to guess—and log out when you're done with an online account (especially if you're on a public computer).

Using HTTPS is also different from using a VPN. One reason people opt for a VPN is because it changes their public IP address and makes them appear to be accessing the web from a different physical location. This is not a feature you get from HTTPS websites.

FAQ
  • What is an HTTPS proxy?

    An HTTP proxy, also known as a web proxy, is a way to hide your IP address from the websites you visit. If you're on a web page while using a web proxy, the site can see an IP address accessing its server, but it's not your address it sees. The web traffic between your computer and the server passes first through the proxy server, so the website sees the proxy's IP address, not yours.

  • How do I make a website HTTPS?

    To enable HTTPS on your website, first, make sure your website has a static IP address. You'll then need to buy an SSL certificate from a trusted Certificate Authority (CA) and install the SSL certificate onto your web host's server. You'll likely need to change links that point to your website to account for the HTTPS in your URL.

  • What port is HTTPS?

    HTTPS is on port 443. While most websites work with HTTPS via port 443, there are times when port 443 isn't available. In these cases, the website will be available over HTTPS on port 80, which is the usual port for HTTP.

Was this page helpful?