Understanding HTTP, HTTPS, & SSL

As technology and business become more integrated, lack of familiarity with basic terms can put one at a disadvantage when making crucial business decisions. Our ongoing Technology Basics blog series is aimed to fill in some of those knowledge gaps, and provide you with a firm foundation as you make technology decisions, starting with three very important terms: HTTP, HTTPS, and SSL.

Defining Data Transfer Over the Web: HyperText Transfer Protocol (HTTP)

HyperText Transfer Protocol is best understood by breaking it into two terms, “hypertext” and “transfer protocol”. The term hypertext was first used by Ted Nelson in 1965, and describes text which links to other text. In other words, every time you click on a link while surfing the web, you benefit from hypertext. Hypertext as its own special language, HyperText Markup Language or HTML, which is used to define documents that live on the web; these same documents are delivered via HTTP, the HyperText Transfer Protocol.

A transfer protocol is simply a predefined format that allows data to be send and received by digital devices. In this case, the format is explicitly designed to allow the transfer of hypertext (in other words, the data will usually be formatted as HTML). Any time your browser displays a “web page,” the data that your browser uses to construct the page you see is sent via HTTP. Furthermore, if you fill out and submit a form on a website, that data will also be sent via HTTP.

Securing HTTP with HTTPS

Since HTTP is a format for exchanging data, it makes sense that HTTPS is simply “HTTP Secure,” a safer way of sending HTTP data. HTTPS allows for two way data encryption, and can prevent man-in-the-middle types of attacks. Originally HTTPS was used primarily for payment transactions, but today HTTPS is being used ubiquitously across the web to safeguard transactions.

Verifying Online Identities with SSL Certificates

SSL stands for Secure Socket Layer, and is the means for securing HTTPS data. Simply put, this layer encrypts data so that third parties cannot snoop. In order to secure the data, SSL providers use SSL certificates that verify their identity. If we imagine our packets of data as being little passengers who are going to travel, SSL is like a plane transporting them, while SSL certificates are like pilot ID cards proving the person with the ID is authorized to fly the plane. Different types of SSL certificates offer different levels of validation, from basic Shared Certificates which some web hosting plans offer, to full Extended Validation Certificates that verify multiple aspects of a businesses identity.

CPURX: Professional Assistance in Securing Website

We hope this brief article has given you more insight into HTTP, HTTPS, and SSL. Remember, if your website is sending and receiving sensitive data, it is essential that you fully secure your website; necessary steps include securing the most appropriate type of SSL certificate, and performing a full website security scan. Contact a CPURX representative to learn more about how CPURX can assist you in securing your website and protecting valuable digital assets and data from theft and loss.

About Jason Volmut