Internet, Networking, & Security Around the Web 138 138 people found this article helpful What Do HTTP and HTTPS Stand For? HTTP vs. HTTPS: The differences matter By Tim Fisher General Manager, VP, Lifewire.com Tim Fisher has 30+ years' professional technology support experience. He writes troubleshooting content and is the General Manager of Lifewire. our editorial process Facebook Twitter LinkedIn Tim Fisher Updated December 05, 2019 Around the Web How to Get a VPN Tweet Share Email You're probably familiar with the https and http part of a URL. It's the first section or a URL before the FQDN, such as in https://www.lifewire.com, and you probably notice that some websites use HTTPS while others use HTTP. HTTP and HTTPS are both responsible for providing a channel where data can be transmitted between your device and a web server so that normal web browsing functions can take place. The difference between HTTP and HTTPS is the s at the end of the latter. However, even though only one letter differentiates them, it's indicative of a huge difference in how they work at the core. In short, HTTPS is more secure and should be used at all times when secure data needs to be transferred, like in the case of logging into your bank's website, writing emails, sending files, etc. Lifewire / Colleen Tighe So, what do HTTPS and HTTP mean? Are they really that different? Keep reading to learn more about these concepts, including what role they play in using the web and why one is far superior over the other. What Does HTTP Mean? HTTP stands for HyperText Transfer Protocol, and it's the network protocol used by the World Wide Web that lets you open web page links and jumps from one page to the next across search engines and other websites. In other words, HTTP provides a pathway for you to communicate with a web server. When you open a web page that uses HTTP, your web browser uses the HyperText Transfer Protocol (over port 80) to request the page from the webserver. When the webserver receives and accepts the request, it uses the same protocol to send the page back to you. This protocol is the foundation for large, multi-functioning, multi-input systems — like the web. The web as we know it wouldn't function without this bedrock of communication processes, as links rely on HTTP in order to work properly. However, HTTP sends and receives data in plaintext. This means that when you're on a website that uses HTTP, anyone listening in on the network can see everything that's being communicated between your browser and the server. This includes passwords, messages, files, etc. HTTP describes how data is transmitted, not how it's displayed in a web browser. HTML is responsible for how web pages are formatted and shown in a browser. What Does HTTPS Mean? HTTPS is very similar to HTTP, with the key difference being that it is secure, which is what the s at the end of HTTPS stands for. HyperText Transfer Protocol Secure uses a protocol called SSL (Secure Sockets Layer) or TLS (Transport Layer Security), which essentially wraps the data between your browser and the server in a secure, encrypted tunnel over port 443. This makes it much harder for packet sniffers to decipher, unlike HTTP. TLS is the successor to SSL, but you might still hear HTTPS be referred to as HTTP over SSL. TLS and SSL are especially useful when shopping online to keep financial data secure, but is also used on any website that requires sensitive data (e.g., passwords, personal information, payment details). Another benefit of HTTPS over HTTP is that it's much faster, meaning that web pages load quicker over HTTPS. The reason for this is because HTTPS is already understood to be secure, so no scanning or filtering of data has to take place, resulting in less data being transferred and ultimately quicker transfer times. To see just how much faster the secure protocol is over the unencrypted one, use this HTTP vs. HTTPS test. In our tests, HTTPS consistently performed 60–80 percent faster. The easiest way to know if the website you're on is using HTTPS is by looking for https it in the URL. Most browsers put a lock icon to the left of the URL, too, to indicate that the connection is secure. HTTPS Doesn't Protect Everything As important as it is to use HTTPS whenever possible, and for website owners to implement HTTPS, there's a whole lot more to online security than just choosing a secure web page over an unsecured one. For example, HTTPS doesn't help much in phishing cases where you're fooled into entering your password into a fake login form. The page itself may very well use HTTPS, but if on the receiving end of it is someone collecting your user information, the secure protocol was just the tunnel they used to do it. You can also download malicious files over an HTTPS connection. Again, the connection protocol used to communicate with the webserver doesn't speak at all about the data is transferring. You could download malware all day over a secure channel; HTTPS will do nothing to stop it. Something else to remember about web security in terms of HTTPS and HTTP is that the network protocol doesn't protect you from hacking or over-the-shoulder snooping. As obvious as it might seem, you still need to create strong passwords for your accounts — ones that are difficult to guess — and log out when you're done with an online account (especially if you're on a public computer).