The HTTP, whose meaning in English is Hypertext Transfer Protocol, its defined as: the way, the form, or to put it colloquially, the language of communication of minimal information on the Web. Basically when we open a Web page from a browser, both the client (destination) and the server (source) communicate through the protocol called HTTP. For the message to be understandable between them, both must understand and at the same time interpret the same language, so it is a common language between the parties.

Imagine the following daily scenario: we need to transmit a message to a person, therefore here they participate: the one who sends (origin / issuer) and the one who receives (destination / receiver), so that the transmitted message is understood and interpreted by the receiver is imperative that both communicate in the same language. This analogy is the same as what happens in an HTTP transmission.

HTTP is a very basic communication language because the exchange of information between one point (server) to another (client) is based on data of the text type (on the web called hyper text) and in turn the web browser: generates , shows or interprets the content at an understandable level, visually speaking, for end users.

However, the fundamental difference with HTTPS (apart from the letter S obviously) is that in addition to being an HTTP protocol, a data encryption component is added to both ends of the communication, through the digital certificates configured in the server and adding a new protocol called SSL, so HTTPS is an HTTP + SSL. The communication is safe and only the receiver of the information will be able to understand the result, but let’s clarify, that does not mean that the site itself is safe.

When we talk about site security we refer to much more technical and care things: validation of the type of data, filter and sanitation of the received, captcha anti robot, robustness of the password; and a lot of other techniques to avoid attacks of type: XSS, Injection SQL, among others. Therefore it is important to understand that a site with HTTPS protocol can be technically as secure or insecure as one with HTTP, although HTTPS certainly takes an additional step in securing the transmission of the data itself.

When a page requests sensitive data, being: passwords, access pin, and even more so when it comes to monetary transactions, the reality is that this site should inevitably have HTTPS.

It is important for a site to have HTTPS as it is one of the factors that can help improve the positioning in Google.

Additional details regarding HTTPS

As a disadvantage we can say that the communication between the client and the server is a bit slower because it is an “additional calculation” when encrypting and deciphering the information sent in each interaction.
As an advantage, Google penalizes sites that do not use HTTPS, in other words, those with HTTPS have a greater preference for positioning (obviously, we must also take into account everything that SEO refers to).
If a page requests any type of data through a web form and it does not have HTTPS, we would see the text “unsafe site” in the web browser bar.

See more blogposts here, and discovery the Scriptcase!

By ,

April 10, 2018

a

You might also like…

Web Development and IT Trends for 2024: Towards New Technological Horizons

The world of Information Technology (IT) and Web Development is constantly evolving, and the year 2...

Web Systems 101: Understanding the Fundamentals and Benefits

In today's digital age, web systems have become integral to our daily lives. These systems connect ...

Why is Low-Code essential for any business?

Low-Code is the IT term that refers to the process of using little code to develop software and app...

You might also like…

Get new posts, resources, offers and more each week.

We will use the information you provide to update you about our Newsletter and Special Offers. You can unsubscribe any time you want by clinck in a link in the footer of any email you receive from us, or by contacting us at sales@scriptcase.net. Learn more about our Privacy Police.