HTTP is the protocol that is used for viewing web pages. suppose if you type www.youtube.com then you can notice http is already automatically added at the beginning of web address. This means you are retrieving web pages using http. in standard HTTP, all information is sent in clear text i.e. information, data, is exchanged over the public internet. in a way we can say its vulnerable to hackers. normally it wouldn’t be big deal unless we are using sensitive data websites like online shopping where we need to input our credit/debit card informations or any other personal informations. in such cases somewhere hacker may be listening to these transmitted data over public internet and steal informations. to overcome these security problems HTTPS was developed.
HTTPS stands for Secure Hypertext Transfer Protocol. basically what it does is encrypt the data which is retrieved through HTTP. It ensures that all data that has been transferred over the internet between computers and server by making the impossible to read. it does by using encryption algorithms to scramble the data that’s been transferred. for example if you visit www.amazon.com that requires your personal sensitive information for selling/purchasing like your address, debit/card info, you will see htttps with keypad lock is already added in front of domain address. it means if you send any sensitive information these will no longer sent in clear texts. its scrambled in unreadable form as it travels from the internet.if any hacker tries to steal information he will only get some bunch of meaningless data which has been encrypted and hackers will not be able to crack the encryption to unscramble the data.
Here i am going to describe how https secure the data. it can be done by one or two protocols. one of these is SSL. it ensures the security on the internet by using public key encryption to secure the data. lets see how SSL ensures security. first of all when computer browse the website which uses ssl, the browser will ask the website to identify itself then web server will send computer a copy of ssl certificate. so here question arise what is SSL certificate? well its a small digital certificate that is used to authenticate the identity of a website. it will let computer knows that is visiting/browsing domain is trustworthy. then computer browser will check whether trustworthy certificate and sends a message to a web server then web server will send back acknowledgement for ssl session to proceed. when all these steps are complete then encrypted data can be exchanged from your computer and server.
Another protocol is TLS, transport layer security. its latest industry standard cryptographic protocol. it works similar to ssl.
Personally i would recommend to buy/use ssl certificate for your domain/website because one of the factor is google is flagging websites as “not secure” if they are not SSL protected and somehow penalizing in search ranking!