HTTPS Vs HTTP: There are several reasons why websites must be run on HTTPS rather than HTTP. HTTPS basically stands for HTTP over SSL (Secure Socket Layer). It is implemented to secure connections between the web servers and the client web browser. All the modern browsers support it and they treat HTTP as insecure connections.
The basic difference between the websites that have implemented and not implemented HTTPS can be seen through the browser of the client. The websites that have implemented https have the URL (Universal Resource Locator) beginning with https://. While in those without it start with http://. It indicates the difference in the port number being used to make a connection between the web server and the web browser. HTTPS runs on port number 443 which invokes SSL. HTTP runs on port 80.
The following entities are being encrypted while connections are made between the web server using https and the client web browser:
URL of the requested document
When the URL of the requested document is being encrypted, the adversary getting in between the communication of the web browser and the client browser cannot understand the URL that the client browser is making requests.
Contents of the document
When communication between the browser and the server happens the server acknowledges the client with the requested resources or documents. If the resources being shared between the client and the server needs to be confidential, the contents of the documents need to be encrypted.
Contents of browser forms (filled in by browser user)
While in transit, the information fed to the server through the web forms can be understood by the unauthorized entities. To avoid this the contents of the forms filled in by the browser user need to be encrypted.
Cookies sent from browser to server and from server to browser
The connection between the server and the browser can be made to happen faster by using temporary files known as cookies. These files can contain a lot of information that the unauthorized entities can use to gain access to resources. To avoid this the cookies used between the browser and the server, and server and browser need to be encrypted.
Contents of HTTP header
HTTP header contains information about the connection between the server and the client browser. If this information is not encrypted, the unauthorized entities can interpret this information to gain unauthorized access or perform attacks on the server.
