
HTML and CSS

1. HTTP and HTTPS

HTTP, or "HyperText Transfer Protocol", is the protocol underlying the World Wide Web.

Web pages are sent and received using the http protocol.

[Image: http protocol]

A web page is made up of a collection of individual files - text, images, styling, javascript and so on.

On the web server itself, they are simply a collection of files, just like those on your own computer.

The web site on the server above is arranged as a set of folders - one for styling (css), one for images, another for any javascript files and so on. There is no rule as to how someone arranges their files on a server - it is best to be a bit tidy but you could pile thousands of files into a single directory.

Each page on the site references the files it needs to render.

The http protocol allows a browser to request these individual files from a web server in an orderly way. Once received, they are rendered into a web page such as the one you are reading at the moment.

A web page that begins with http:// is using this protocol.

HTTPS

There is a variation of it called 'https' (extra s on the end), meaning 'http secure'.

This protocol works like http, but also encrypts web page data before it is sent out of the browser or server, so that anybody who intercepts the data cannot read it.

For example, if you are viewing a typical login page that starts with https:// the browser encrypts the user name and password before it is sent to the server. Only the server can decrypt the details.

So why doesn't every web site use https by default?

Well, it is because it costs money - repeatedly, every year. Https works by accessing a digital file called the SSL certificate that certifies that the domain being viewed is the genuine one (i.e. not a faked site seeking logins) and data between you and the site will be encrypted.

But the companies issuing those certificates are subscription-based, i.e. you have to pay every year for every domain you wish to certify.

This can become expensive. For example, if you have a main site called abcd.co.uk you need to purchase an SSL certificate; then, if you do not want someone to use a similar URL, you purchase abcd.com and abcd.co and abcd.biz and abcd.info and so on. Each domain adds to the cost, so it is a decision as to which domains to pay for.

Note that the original SSL protocol, Secure Sockets Layer, has long been superseded by a more sophisticated and robust technology called TLS, Transport Layer Security, but the certificate is still called an SSL certificate just by tradition.

Just to see how it works, if you are using the Chrome browser, do you notice the little lock icon next to our address? Click on it, then click on 'Connection is secure'. Then click on 'Certificate is valid' and it shows that this is the certified site belonging to the URL https://www.teach-ict.com
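
The same checks the lock icon reports can be done in code. The Python sketch below is an added example, not part of the original page: it reads the fields a certificate viewer shows (issuer, names covered, validity dates) and shows why a certificate for abcd.co.uk does not cover abcd.com. The sample certificate, the issuer name and the helper names are constructed for illustration, and the name matching is simplified.

```python
import socket
import ssl
from datetime import datetime, timezone

# Constructed sample in the dict format ssl.getpeercert() returns (not a real certificate).
SAMPLE_CERT = {
    "issuer": ((("organizationName", "Example CA Ltd"),), (("commonName", "Example CA"),)),
    "notBefore": "Jan  1 00:00:00 2024 GMT",
    "notAfter": "Jan  1 00:00:00 2025 GMT",
    "subjectAltName": (("DNS", "abcd.co.uk"), ("DNS", "www.abcd.co.uk")),
}

def fetch_certificate(hostname, port=443, timeout=5):
    """Connect over TLS and return the server certificate; raises if it fails validation."""
    context = ssl.create_default_context()  # checks the CA chain and the hostname
    with socket.create_connection((hostname, port), timeout=timeout) as sock:
        with context.wrap_socket(sock, server_hostname=hostname) as tls:
            return tls.getpeercert()

def name_matches(pattern, hostname):
    """Simplified matching: exact name, or '*' standing for one left-most label."""
    p = pattern.lower().split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    return p[1:] == h[1:] and (p[0] == "*" or p[0] == h[0])

def _to_utc(text):
    # Certificate dates look like "Jan  1 00:00:00 2025 GMT"
    return datetime.fromtimestamp(ssl.cert_time_to_seconds(text), timezone.utc)

def summarise(cert, hostname, now=None):
    """Return the fields a browser's certificate viewer shows, checked for hostname."""
    now = now or datetime.now(timezone.utc)
    not_after = _to_utc(cert["notAfter"])
    names = [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]
    issuer = dict(item for rdn in cert.get("issuer", ()) for item in rdn)
    return {
        "issuer": issuer.get("organizationName", "unknown"),
        "covers_host": any(name_matches(n, hostname) for n in names),
        "valid_now": _to_utc(cert["notBefore"]) <= now <= not_after,
        "days_left": (not_after - now).days,
    }

if __name__ == "__main__":
    when = datetime(2024, 6, 1, tzinfo=timezone.utc)
    for host in ("www.abcd.co.uk", "abcd.com"):
        print(host, summarise(SAMPLE_CERT, host, now=when))
```

To inspect a live site instead of the sample, pass the result of `fetch_certificate("www.teach-ict.com")` to `summarise` with the same hostname.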