HTTP VS HTTPS
The HTTP, whose meaning in English is Hypertext Transfer Protocol, its defined as: the way, the form, or to put it colloquially, the language of communication of minimal information on the Web. Basically when we open a Web page from a browser, both the client (destination) and the server (source) communicate through the protocol called HTTP. For the message to be understandable between them, both must understand and at the same time interpret the same language, so it is a common language between the parties.
Imagine the following daily scenario: we need to transmit a message to a person, therefore here they participate: the one who sends (origin / issuer) and the one who receives (destination / receiver), so that the transmitted message is understood and interpreted by the receiver is imperative that both communicate in the same language. This analogy is the same as what happens in an HTTP transmission.
HTTP is a very basic communication language because the exchange of information between one point (server) to another (client) is based on data of the text type (on the web called hyper text) and in turn the web browser: generates , shows or interprets the content at an understandable level, visually speaking, for end users.
However, the fundamental difference with HTTPS (apart from the letter S obviously) is that in addition to being an HTTP protocol, a data encryption component is added to both ends of the communication, through the digital certificates configured in the server and adding a new protocol called SSL, so HTTPS is an HTTP + SSL. The communication is safe and only the receiver of the information will be able to understand the result, but let’s clarify, that does not mean that the site itself is safe.
When we talk about site security we refer to much more technical and care things: validation of the type of data, filter and sanitation of the received, captcha anti robot, robustness of the password; and a lot of other techniques to avoid attacks of type: XSS, Injection SQL, among others. Therefore it is important to understand that a site with HTTPS protocol can be technically as secure or insecure as one with HTTP, although HTTPS certainly takes an additional step in securing the transmission of the data itself.
When a page requests sensitive data, being: passwords, access pin, and even more so when it comes to monetary transactions, the reality is that this site should inevitably have HTTPS.
It is important for a site to have HTTPS as it is one of the factors that can help improve the positioning in Google.
Additional details regarding HTTPS
As a disadvantage we can say that the communication between the client and the server is a bit slower because it is an “additional calculation” when encrypting and deciphering the information sent in each interaction.
As an advantage, Google penalizes sites that do not use HTTPS, in other words, those with HTTPS have a greater preference for positioning (obviously, we must also take into account everything that SEO refers to).
If a page requests any type of data through a web form and it does not have HTTPS, we would see the text “unsafe site” in the web browser bar.