HTTP stands for HyperText Transfer Protocol. It is the foundation of any data exchange on the Web. It's a client-server protocol. In client-server protocol which means requests are initiated by the recipients (normally a web browser) and serve the responses from the server. HTTP is an application layer protocol that is sent over TCP or a TLS encrypted TCP connection. (Why TCP? TCP is reliable over UDP, therefore HTTP relies on TCP standard). It is used to fetch documents, images, videos from servers like HTML pages. HTTP is a Layer 7 protocol in the OSI model.
Between the client and the server, there are several numerous entities, collectively called Proxies. Proxies can be transparent, forwarding on the requests they received without altering them in any way. It can be used to perform:
- Load Balancing.
HTTP is stateless but not sessionless. There is no link between two requests being successful on the same connection. But HTTP cookies allow the stateful sessions allowing session creation on each HTTP request to share the same context or state.
HTTPS is HTTP with encryption. What it really means in a simple term is HTTPS works to protect the communication between the server and the client when transporting data. It ensures a digital protocol that uses cryptographic keys to encrypt and validate the data. The most common way to have a digital protocol is by obtaining a secure socket layer (SSL) or Transport layer certificate (TLS).
Let's visualize this with a diagram:
The main difference is if you use plain HTTP anyone who can intercept, can track what you do on the internet. That middle man can be your internet service provider, can be a hacker anyone who can basically. In fact, by default, all of the chromium browsers will stop you to visit an HTTP-only site (Firefox has this feature but it's not enabled by default).
Some of the key differences are as below:
- HTTP is fast because HTTPS consumes more computational power to encrypt the communications.
- HTTP opens on port 80, HTTPS on port 443 by default.
- HTTP operates on the Application layer (Layer 7), HTTPS on Transport Layer (Layer 4).