• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 215
  • Last Modified:

why some wrbsite begin with https not http

why some wrbsite begin with https not http
4 Solutions
Hi teera,

HTTPS is a secure site whereas a HTTP site isnt.....

https:// is used when traffic to/from that web page will be "secure", i.e. encrypted.

This comes at the cost of some added complexity, which is why all pages don't use it, and in fact most information on the web, such as news, articles, personal web pages, does not need to be encrypted since it is public almost by definition.

You will find https:// used with pages that handle sensitive information that you don't want to snooped, such as banking, shopping sites etc.

Some more info here:  http://www.computerhope.com/jargon/h/http.htm
Please take a look at http://en.wikipedia.org/wiki/Https it explains the background quite nicely:

https is a URI scheme which is syntactically identical to the http: scheme normally used for accessing resources using HTTP. Using an https: URL indicates that HTTP is to be used, but with a different default port and an additional encryption/authentication layer between HTTP and TCP. This system was invented by Netscape Communications Corporation to provide authentication and encrypted communication and is widely used on the Web for security-sensitive communication, such as payment transactions.

How it works
Strictly speaking, HTTPS is not a separate protocol...

If you browse the internet on http:// pages, someone in between can read everything you send or receive as it is send in plain text. As most information on the internet is public, there is no reason to change this.

However you don't want your banking-details or credit-card information to be readable by someone else. Therefore it is possible to encrypt the data so that only your computer and the webserver are able to decrypt the information send to eachother. If someone is reading the encrypted communication, s/he will only see meaningless garbage.

You might wonder why we don't encrypt all communications and that's easy to explain. Encryption and decryption both require a lot of calculating thus it takes up some CPU-time. If you are surfing the web you probably won't notice the difference in time between encrypted and not encrypted traffic, but that is because your PC is handling only one, maybe two encrypted connections at a time. But the webserver is maintaining hundreds or thousands connections at the same time, so here encryption becomes a problem. The webserver is easily overloaded. The problem is so big, that you can buy specialized encryption-cards for webservers so that the server itself doesn't have to do the encryption anymore. Problem is that those encryption-cards are very powerfull and therefore very expensive.

So a normal website is usually not encrypted and starts with http://, but some websites do require encryption and start with https://. The webmaster desides which pages require encryption and he will be reluctant to encrypt pages as it is more expensive.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now