HTTP vs HTTPS: Understanding Secure Communication

Think of browsing the web as sending messages. Using HTTP (Hypertext Transfer Protocol) is like sending a postcard. Anyone who handles it along the way—from the post office to the mail carrier—can read its contents. It's open and completely insecure. This was the original protocol for the web, and it's fine for websites that don't handle sensitive information, like a simple blog.
HTTPS (Hypertext Transfer Protocol Secure), on the other hand, is like sending that same message in a sealed, tamper-proof armored box. Only the person with the correct key can open it. This secure connection is essential for websites where you exchange personal information, such as online banking, e-commerce stores, or any site with a login.
You can easily tell if you're on a secure site by looking for two things in your browser's address bar:
- The URL starts with https:// instead of http://.
- A padlock icon 🔒 is visible, indicating a secure and encrypted connection.
The Guardian of the Web: The Role of SSL/TLS
How does HTTPS create that armored box? It uses a technology called SSL/TLS.
SSL (Secure Sockets Layer) was the original protocol, but it has since been replaced by the more modern and secure TLS (Transport Layer Security). Though the name has changed, the term "SSL" is still commonly used to refer to the SSL/TLS certificate that websites use to enable HTTPS.
SSL/TLS provides three crucial layers of protection:
- Encryption: It scrambles the data sent between your browser and the server. Even if a hacker intercepts the information, it will look like a meaningless jumble of characters without the secret decryption key.
- Authentication: The SSL certificate acts as a digital passport for the website. It verifies that the server you are connected to is genuinely who it claims to be (e.g., you are connected to yourbank.com and not a clever phishing site).
- Integrity: It ensures that the data has not been secretly modified or corrupted during its journey. A digital "seal" is placed on the data, and if it's broken or changed in any way, the connection will signal an error.
Speaking the Web's Language: Common HTTP Status Codes
When your browser sends a request to a server, the server responds with an HTTP status code before sending any content. This three-digit code is a quick message that tells the browser the result of its request.
Here are some of the most common ones, grouped by their first digit:
2xx – Success ✅
This means the request was received, understood, and processed successfully.
- 200 OK: The classic success code. Everything worked perfectly. The server has sent back the webpage or data you requested.
3xx – Redirection ↪️
This means you need to go somewhere else to get the resource.
- 301 Moved Permanently: The page you're looking for has a new, permanent address. Your browser will usually remember this new location for the future.
- 302 Found: This is a temporary redirect. Your browser will go to the new location for now but will check the original address again next time.
4xx – Client Error ❌
This means the mistake was on your end (the client's side).
- 403 Forbidden: You are not allowed to view this page. You have a valid connection, but you lack the necessary permissions.
- 404 Not Found: The most famous error. The server cannot find the resource or page you requested. It might have been moved or deleted.
5xx – Server Error ⚠️
This means something went wrong on the website's server.
- 500 Internal Server Error: This is a generic "Houston, we have a problem" code. It means the server encountered an unexpected issue and couldn't fulfill the request. The problem is not on your end.
The Verbs of the Web: HTTP Methods and Their Use Cases
An HTTP request doesn't just ask for a page; it includes a "method" or "verb" that tells the server what action to perform. Think of these as commands you give to the server.
- GET: This is the most common method. It's used to retrieve or "get" data from a server. When you type a URL, click a link, or load an image, your browser sends a GET request. It's a read-only operation.
- POST: This method is used to submit data to a server to create a new resource. When you fill out a contact form, log in with a username and password, or write a new blog post, you're sending data via a POST request.
- PUT: This is used to update an existing resource on the server. It replaces the entire target resource with the new data you've sent. For example, updating your entire user profile at once.
- DELETE: As the name implies, this method is used to delete a specific resource from the server, such as deleting a comment or a photo you've uploaded.
- PATCH: This is similar to PUT but is used for partial updates. Instead of replacing the entire resource, PATCH only modifies the specific pieces of information that need to be changed, making it more efficient. For example, just changing your username instead of updating your whole profile.
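To see the methods and the status codes from the earlier section working together, here is an added example (not part of the original post): a toy in-memory "profile" resource in Python. The `handle` function, the owner-only write rule and the sample data are assumptions made for illustration, not a real framework's API.

```python
# Constructed sample data: one existing profile, keyed by user id.
store = {"alice": {"name": "Alice", "email": "alice@example.test", "bio": "hi"}}

def handle(method, user_id, body=None, caller=None):
    """Process one request for a profile and return (status_code, payload)."""
    if method == "POST":                 # create a new resource from the submitted data
        store[user_id] = dict(body)
        return 200, dict(store[user_id])
    if user_id not in store:             # every other verb needs an existing resource
        return 404, None
    if method == "GET":                  # read-only: returns a copy, never changes the store
        return 200, dict(store[user_id])
    if caller != user_id:                # assumed rule: only the owner may change a profile
        return 403, None
    if method == "PUT":                  # full replacement: fields left out of the body are gone
        store[user_id] = dict(body)
    elif method == "PATCH":              # partial update: only the listed fields change
        store[user_id].update(body)
    elif method == "DELETE":
        del store[user_id]
        return 200, None
    else:
        raise ValueError("method not covered by this example: " + method)
    return 200, dict(store[user_id])

if __name__ == "__main__":
    print(handle("GET", "bob"))                                       # 404: no such profile
    print(handle("PATCH", "alice", {"name": "Al"}, caller="mallory"))  # 403: not the owner
    print(handle("PATCH", "alice", {"name": "Al"}, caller="alice"))    # email and bio survive
    print(handle("PUT", "alice", {"name": "Alice B"}, caller="alice"))  # email and bio are dropped
    print(handle("DELETE", "alice", caller="alice"))
    print(handle("GET", "alice"))                                      # 404 after deletion
```

The PUT call is the one to watch: because it replaces the whole resource, a client that sends only the changed field silently erases the others.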
Written by Syed Wasif Hussain
