Last Updated: March 31, 2021

HTTP vs HTTPS – What’s the Difference & Which Is Best?

HTTP vs HTTPS - which one should you be using?

You may have noticed that some website URLs begin with HTTPS while others begin with HTTP. What’s the difference and which one is better for SEO?

That’s some of what you’ll discover in this article.


What Is HTTP?

HTTP stands for Hypertext Transfer Protocol. It was created by Tim Berners-Lee in the early 1990s, when the Internet was still in its early stages.

So what exactly is HTTP?

Well, without getting too technical, it’s a network protocol that allows web browsers and servers to communicate with each other through the exchange of data.

But there’s a problem with HTTP.

And that is that the data sent and received is not encrypted. It can be intercepted by third parties and potentially altered, making both the information itself and the information receiver vulnerable.


What Is HTTPS?

HTTPS stands for Hypertext Transfer Protocol Secure. 

The ‘Secure’ part of HTTPS refers to the fact that data is transmitted securely, either through Secure Sockets Layer (SSL) or through Transport Layer Security (TLS).

Put simply, HTTPS is HTTP with an added layer of security.

HTTPS Encrypts Data

With HTTP, information flowing between browser and server is not encrypted. That means any data you enter into a form on a website (e.g. username, password, credit card or bank details) will be sent as plaintext. It can therefore be intercepted and used by third parties.

But with HTTPS, data is encrypted before being transmitted. Even if someone were able to intercept that data, it would mean nothing to them, because the encrypted information is unreadable without the keys.

HTTPS and SSL/TLS

Adding an SSL (Secure Sockets Layer) certificate to your website is what turns the HTTP part of your URL into HTTPS.

Although people still call it SSL, SSL has now been deprecated and replaced by TLS (Transport Layer Security). TLS does the same job as SSL: it encrypts data and authenticates connections between server and browser. But it's much more secure than SSL was.


What’s The Difference Between HTTP And HTTPS?

In most browsers, a website that uses HTTP will be marked as ‘unsecure’.

In Google Chrome, for example, an HTTP site is labelled ‘Not Secure’:

[Image: an HTTP site labelled 'Not Secure' in Google Chrome]

In Firefox, an HTTP site will be marked by a padlock icon with a slash through it:

[Image: an HTTP site marked in Firefox by a padlock icon with a slash through it]

In both cases, the visitor is being warned that the site is HTTP and therefore not secure.

So the difference between HTTP and HTTPS comes down to an SSL certificate: one of them has it and the other doesn’t.

Here are some technical details about the difference between the two protocols:

  • HTTP sends data over port 80 while HTTPS uses port 443.
  • HTTP operates at the application layer, while HTTPS adds its security at the transport layer, through TLS.
  • HTTP doesn't require domain validation, whereas HTTPS requires at least domain validation, and certain certificates even require legal document validation.
  • There’s no encryption in HTTP, whereas with HTTPS the data is encrypted before sending.

What Are The Advantages of Using HTTPS?

The main advantage of HTTPS is simply having a more secure website. If you use WordPress, for example, your user name and password will be more secure with HTTPS.

Here are some other advantages of using HTTPS:

  • Build trust with your website visitors because your site is secure - in a study carried out by GlobalSign, more than 80 percent of respondents said they would abandon a purchase if there was no HTTPS in use.
  • Improve your website’s SEO - in 2014 Google announced HTTPS as a ranking signal.
  • Better data in Google Analytics - HTTPS preserves referrer data whereas with HTTP, referral sources will just appear as “direct traffic”.
  • Eligibility for AMP (Accelerated Mobile Pages) - AMP is a stripped-down form of HTML created by Google that produces fast-loading mobile versions of web pages. But to be eligible for AMP, you need to have an HTTPS website.

How To Switch From HTTP To HTTPS

Here’s a list of things you should do when switching from HTTP to HTTPS:

  • Decide which type of SSL certificate you need/want.
  • Install and configure your SSL certificate on your hosting account (most times, this will be done for you by your web host).
  • Make a backup of your entire site so that you can return to the HTTP version if necessary.
  • Change any hard-coded internal links from http to https.
  • Update your robots.txt file so that it includes your updated sitemap.
  • Update JavaScript and any third-party plugins.
  • Update your CDN (Content Delivery Network) SSL settings.

SEO Considerations when Switching to HTTPS

Switching to HTTPS is a big plus for your SEO. But your URL changes when you switch to SSL, so there are some things you need to do to protect your website's current SEO:

  • Notify Google (in your Google Search Console account) that you have switched from HTTP to HTTPS.
  • Implement 301 redirects throughout your site on a page-by-page basis: this will ensure that the link juice from your http pages transfers to your https pages, so you don't lose any SEO strength your website has accumulated.

How to Force Websites To Use HTTPS

Even after you have installed an SSL certificate and converted your website to HTTPS, other websites will still be able to access your website using the HTTP protocol.

However, it’s better for both you and your visitors if they only access your site using the HTTPS protocol.

And luckily, there’s a way to force all your website visitors to use the HTTPS version of your website.

Here’s how to do it.

  • Go to the File Manager on your web host and open the .htaccess file, which you’ll find inside the public_html folder.
  • Within the .htaccess file scroll down until you find a line of code that says: RewriteEngine On.
  • Then, insert these lines of code immediately beneath it:

RewriteEngine On

# Redirect any request that did not arrive over HTTPS to the same URL on HTTPS
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

If you don’t feel confident doing this, your web host will most likely do it for you.

With that code added to your .htaccess file, all visitors accessing your site will be forced to use your SSL certificate (i.e. the HTTPS version of your URL).
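One way to check that the rule above, and the page-by-page 301 redirects recommended in the SEO section, behave as intended. This is an added example, not code from the original article; the host www.example.com, the sample responses and the function names are constructed for illustration.

```python
import http.client
from urllib.parse import urlsplit

def evaluate_redirect(site, path, status, location):
    """Return the problems with one plain-HTTP response for site + path."""
    if not location:
        return [f"no redirect: status {status} without a Location header"]
    problems = []
    if status != 301:
        problems.append(f"status {status}, expected 301")
    target = urlsplit(location)
    if target.scheme != "https":
        problems.append("redirect target is not an https:// URL")
    if target.netloc.lower() != site.lower():
        problems.append(f"redirects to host {target.netloc!r}, expected {site!r}")
    target_path = target.path + ("?" + target.query if target.query else "")
    if target_path != path:
        problems.append("path or query string not preserved")
    return problems

def probe(site, path, timeout=5):
    """Fetch http://site/path without following redirects, then evaluate it."""
    conn = http.client.HTTPConnection(site, 80, timeout=timeout)
    try:
        conn.request("GET", path)
        resp = conn.getresponse()
        return evaluate_redirect(site, path, resp.status, resp.getheader("Location"))
    finally:
        conn.close()

# Constructed (status, Location) responses for a hypothetical www.example.com.
SAMPLES = {
    "/": (301, "https://www.example.com/"),
    "/blog/post?id=7": (301, "https://www.example.com/blog/post?id=7"),
    "/shop/cart": (302, "https://www.example.com/shop/cart"),  # temporary redirect
    "/old/page": (301, "https://www.example.com/"),            # collapses to homepage
    "/login": (200, None),                                      # still served over HTTP
}

def audit_samples(site="www.example.com"):
    """Evaluate every constructed sample; an empty list means the redirect is fine."""
    return {p: evaluate_redirect(site, p, s, loc) for p, (s, loc) in SAMPLES.items()}

if __name__ == "__main__":
    for path, problems in audit_samples().items():
        print(path, "OK" if not problems else "; ".join(problems))
```

To check a live site, call probe() with your own host name and each path from your sitemap; an empty list means that page redirects correctly.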

How Much is an SSL Certificate?

The cost of an SSL certificate depends on the level of assurance that the certificate conveys. There are three levels of assurance in SSL certificates:

(1) Extended Validation (EV) SSL

This is the highest level of trust assurance an SSL Certificate can have. Prior to a Certification Authority (CA) issuing an EV SSL, your website and business will be subject to a strict vetting process. This is why this kind of SSL is more expensive than the other two.

EV SSLs can range in price from $100 per year to $900 per year.

(2) Organization Validated (OV) SSL

This SSL Certificate carries a medium level of assurance. With this certificate, a Certificate Authority (CA) will verify that you own the domain and will conduct some organizational vetting.

OV SSL certificates range in price from $35 per year to $350 per year.

(3) Domain Validated (DV) SSL

This SSL certificate has the lowest level of assurance. It provides the most basic form of encryption and only establishes domain ownership.

DV SSL certificates range in price from $9 per year to $200 per year.

If you're wondering why SSL certificates with higher levels of trust assurance are more expensive, the reason is the vetting process: it has to be done by humans and the more expensive the certificate, the more thorough the checking process.

Conclusion

HTTP is steadily being phased out across the Internet, in favor of HTTPS. If your website doesn't already use HTTPS, you should seriously consider getting an SSL certificate.

There are various reasons for doing so, but the two most important, in my view, are trust and SEO.

Trust is a precious commodity on the Internet. So anything you can do to increase your visitors’ trust in your website is well worth it.

The second consideration is SEO. If you rely on traffic from the search engines, then an SSL certificate is absolutely essential, since Google has made the presence of HTTPS a ranking signal.

Rob Powell