Learn how to a build a cloud-first strategyRegister Now

  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 211
  • Last Modified:

why some wrbsite begin with https not http

why some wrbsite begin with https not http
4 Solutions
Hi teera,

HTTPS is a secure site whereas a HTTP site isnt.....

https:// is used when traffic to/from that web page will be "secure", i.e. encrypted.

This comes at the cost of some added complexity, which is why all pages don't use it, and in fact most information on the web, such as news, articles, personal web pages, does not need to be encrypted since it is public almost by definition.

You will find https:// used with pages that handle sensitive information that you don't want to snooped, such as banking, shopping sites etc.

Some more info here:  http://www.computerhope.com/jargon/h/http.htm
Please take a look at http://en.wikipedia.org/wiki/Https it explains the background quite nicely:

https is a URI scheme which is syntactically identical to the http: scheme normally used for accessing resources using HTTP. Using an https: URL indicates that HTTP is to be used, but with a different default port and an additional encryption/authentication layer between HTTP and TCP. This system was invented by Netscape Communications Corporation to provide authentication and encrypted communication and is widely used on the Web for security-sensitive communication, such as payment transactions.

How it works
Strictly speaking, HTTPS is not a separate protocol...

If you browse the internet on http:// pages, someone in between can read everything you send or receive as it is send in plain text. As most information on the internet is public, there is no reason to change this.

However you don't want your banking-details or credit-card information to be readable by someone else. Therefore it is possible to encrypt the data so that only your computer and the webserver are able to decrypt the information send to eachother. If someone is reading the encrypted communication, s/he will only see meaningless garbage.

You might wonder why we don't encrypt all communications and that's easy to explain. Encryption and decryption both require a lot of calculating thus it takes up some CPU-time. If you are surfing the web you probably won't notice the difference in time between encrypted and not encrypted traffic, but that is because your PC is handling only one, maybe two encrypted connections at a time. But the webserver is maintaining hundreds or thousands connections at the same time, so here encryption becomes a problem. The webserver is easily overloaded. The problem is so big, that you can buy specialized encryption-cards for webservers so that the server itself doesn't have to do the encryption anymore. Problem is that those encryption-cards are very powerfull and therefore very expensive.

So a normal website is usually not encrypted and starts with http://, but some websites do require encryption and start with https://. The webmaster desides which pages require encryption and he will be reluctant to encrypt pages as it is more expensive.

Featured Post

[Webinar] Cloud and Mobile-First Strategy

Maybe you’ve fully adopted the cloud since the beginning. Or maybe you started with on-prem resources but are pursuing a “cloud and mobile first” strategy. Getting to that end state has its challenges. Discover how to build out a 100% cloud and mobile IT strategy in this webinar.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now