HTTP vs HTTPS | Cyber Security Tutorial - Learn with VOKS
Advance AI Bootstrap C C++ Computer Vision Content Writing CSS Cyber Security Data Analysis Deep Learning Email Marketing Excel Figma HTML Java Script Machine Learning MySQLi Node JS PHP Power Bi Python Python for AI Python for Analysis React React Native SEO SMM SQL
Back Next
Cyber Security
01. Introduction 02. Types of Cyber Threats 03. Cyber Security Domains 04. CIA Triad (Confidentiality Integrity Availability) 05. Career paths in Cyber Security 06. Certifications 07. Ethics and Responsible Disclosure 08. Laws and Regulation (e.g. GDPR, NDPR) 09. What is an OS? 10. Types: Window, Linus, macOS 11. Command-line vs GUI 12. OS Internals Overview (filesystems, processes, permissions) 13. Windows command prompt basics 14. Linux Bash Basics 15. File System Navigation 16. Basic Scripting 17. IP Addressing 18. DNS, DHCP 19. Mac Address 20. OSI VS TCP/IP Models 21. Ports and Protocols (TCP, UDP) 22. Common Protocols (HTTPS, FTP, SSH, etc.) 23. Packet structure 24. Firewalls, IDS/IPS, VPNs 25. Common attacks: MITM, Sniffing 26. Secure Network Practices 27. How the Web works 28. HTTP vs HTTPS 29. URLs, Headers, Cookies 30. Client-Server Architecture 31. Introduction To Web Security 32. OWASP Top 10 Overview 33. Common Threats (XSS, SQLi, CSRF) 34. Inpute validation and authentication flow 35. Basic Exploitation demo (e.g. XSS) 36. Burp Suite Introduction 37. Using a Browser For Testing 38. Password security 39. MFA-Antivirus 40. Cyber Hygeine Practice 41. Intro To Tools: Nmap, Wireshark, Netstat

HTTP vs HTTPS

HTTP Vs HTTPS

When you visit a website, you may notice that some addresses start with:

http://

and others start with:

https://

That single letter “S” makes a very important difference in security.

This explanation will clearly describe what HTTP and HTTPS are, how they work, and why HTTPS is safer.

What Is HTTP?

HTTP stands for HyperText Transfer Protocol.

It is the protocol (set of rules) used for communication between:

  • A web browser (client)
  • A web server

HTTP defines how requests and responses are formatted and transmitted.

When you type a website address in your browser, the browser sends an HTTP request to the server, and the server sends back an HTTP response.

How HTTP Works

Step 1: Browser Sends Request

Step 2: Server Processes Request

Step 3: Server Sends Response

Step 4: Browser Displays Content

Example of an HTTP request:


GET /index.html HTTP/1.1
Host: www.example.com
User-Agent: Mozilla/5.0
Accept: text/html

Example of an HTTP response:


HTTP/1.1 200 OK
Content-Type: text/html
Content-Length: 1256

<html>
  <body>
    <h1>Hello World</h1>
  </body>
</html>

Important: HTTP sends data in plain text.

That means:

  • Anyone who intercepts the traffic can read it.
  • Passwords and sensitive data are visible.
  • Data can be modified in transit.

Problems With HTTP

Because HTTP is not encrypted:

  • Attackers can perform sniffing.
  • Attackers can perform Man-In-The-Middle attacks.
  • Login credentials can be stolen.
  • Sensitive data can be exposed.

If you log into a website using HTTP, your username and password can potentially be seen by attackers on the same network.

What Is HTTPS?

HTTPS stands for HyperText Transfer Protocol Secure.

It is simply HTTP with encryption added.

HTTPS uses TLS (Transport Layer Security) to encrypt communication between the browser and the server.

So instead of sending data in plain text, HTTPS encrypts the data before sending it.

How HTTPS Works

The process is similar to HTTP, but with extra security steps.

Step 1: Browser Connects To Server

Step 2: TLS Handshake Begins

Step 3: Server Sends Digital Certificate

Step 4: Browser Verifies Certificate

Step 5: Encrypted Session Is Established

Step 6: Secure Communication Begins

What Is A TLS Handshake?

A TLS handshake is the process where:

  • The browser and server agree on encryption methods.
  • The server proves its identity.
  • A secure session key is created.

After this handshake, all communication is encrypted.

What Is A Digital Certificate?

A digital certificate:

  • Confirms the identity of the website.
  • Is issued by a trusted Certificate Authority (CA).
  • Contains the server’s public key.

When you see a padlock icon in the browser, it means:

  • The certificate is valid.
  • The connection is encrypted.

Example Of Encrypted Data

Plain text (HTTP):


Username=admin&Password=123456

Encrypted version (HTTPS):


a8f92kd81jf02lskd9f0sl3jf92k...

Even if someone intercepts the encrypted data, they cannot read it without the secret key.

Key Differences Between HTTP And HTTPS

Security

HTTP: No encryption

HTTPS: Encrypted communication

Port Number

HTTP: Port 80

HTTPS: Port 443

Data Protection

HTTP: Vulnerable to interception

HTTPS: Protected against interception

Authentication

HTTP: No identity verification

HTTPS: Server identity verified with certificate

Performance

HTTPS used to be slower, but modern hardware makes the difference minimal.

Why HTTPS Is Important

HTTPS protects:

  • Login credentials
  • Credit card information
  • Personal data
  • Session cookies
  • API communication

Without HTTPS, attackers can:

  • Steal passwords
  • Modify website content
  • Inject malicious scripts
  • Hijack user sessions

Mixed Content Problem

If a website uses HTTPS but loads some resources over HTTP:

  • The connection is partially insecure.
  • Browsers may show warnings.

All resources (images, scripts, styles) should be loaded over HTTPS.

How To Force HTTPS On A Server (Example)

Example Apache configuration to redirect HTTP to HTTPS:


<VirtualHost *:80>
    ServerName example.com
    Redirect permanent / https://example.com/
</VirtualHost>

This forces users to use secure connections.

How Browsers Show The Difference

HTTP site:

http://example.com

May show "Not Secure" warning.

HTTPS site:

https://example.com

Shows padlock icon.

Modern browsers strongly encourage HTTPS.

Is HTTPS Completely Secure?

HTTPS greatly improves security, but:

  • It does not protect against malware on your device.
  • It does not guarantee the website itself is trustworthy.
  • It does not prevent phishing websites with valid certificates.

HTTPS ensures secure transmission, not website quality.

Example Code:
# Example HTTP Request
GET /index.html HTTP/1.1
Host: www.example.com
User-Agent: Mozilla/5.0
Accept: text/html

# Example HTTP Response
HTTP/1.1 200 OK
Content-Type: text/html
Content-Length: 1256

<html>
  <body>
    <h1>Hello World</h1>
  </body>
</html>

# Example Plain Text Data (HTTP)
Username=admin&Password=123456

# Example Encrypted Data (HTTPS)
a8f92kd81jf02lskd9f0sl3jf92k...

# Example Apache Redirect Configuration
<VirtualHost *:80>
    ServerName example.com
    Redirect permanent / https://example.com/
</VirtualHost>
Cyber Security
Introduction Types of Cyber Threats Cyber Security Domains CIA Triad (Confidentiality Integrity Availability) Career paths in Cyber Security Certifications Ethics and Responsible Disclosure Laws and Regulation (e.g. GDPR, NDPR) What is an OS? Types: Window, Linus, macOS Command-line vs GUI OS Internals Overview (filesystems, processes, permissions) Windows command prompt basics Linux Bash Basics File System Navigation Basic Scripting IP Addressing DNS, DHCP Mac Address OSI VS TCP/IP Models Ports and Protocols (TCP, UDP) Common Protocols (HTTPS, FTP, SSH, etc.) Packet structure Firewalls, IDS/IPS, VPNs Common attacks: MITM, Sniffing Secure Network Practices How the Web works HTTP vs HTTPS URLs, Headers, Cookies Client-Server Architecture Introduction To Web Security OWASP Top 10 Overview Common Threats (XSS, SQLi, CSRF) Inpute validation and authentication flow Basic Exploitation demo (e.g. XSS) Burp Suite Introduction Using a Browser For Testing Password security MFA-Antivirus Cyber Hygeine Practice Intro To Tools: Nmap, Wireshark, Netstat
All Courses
Advance AI Bootstrap C C++ Computer Vision Content Writing CSS Cyber Security Data Analysis Deep Learning Email Marketing Excel Figma HTML Java Script Machine Learning MySQLi Node JS PHP Power Bi Python Python for AI Python for Analysis React React Native SEO SMM SQL