HTTPS (Hypertext Transfer Protocol over Secure Socket Layer) is a secured communication protocol between a web browser and web server. You can say it is secured HTTP (think of ‘S’ in HTTPS as secured) protocol. It encrypts any communication that a user sends to a web server and decrypts at the server side. Similarly, it encrypts any communication that a web server sends to a web browser and decrypts at browser side. That way HTTPS protocol provides a secured sub layer under HTTP.
So the conclusion is that https is more secure, why do websites use HTTP anyway?
One reason is that https cost more. Another reason is it slows down the website since it encrypts and decrypts every communication a web user sends or receives.
You can place all websites in three categories
HTTP vs. HTTPS
Least Security – These websites use HTTP throughout. Most internet forums will probably fall into this category. Because these are open discussion forums, secured access is generally not required
Medium Security – These websites use https when you sign in (when you enter your id and password) and use HTTP once you are logged in. Google and Yahoo are examples of such sites. MSN (or Hotmail) provides you with an option to use HTTP or https protocol. You can choose ‘Use enhanced security’ option for https or ‘Use standard security’ option for HTTP.
Highest security – These websites use https throughout. Most financial institutions fall into this category. Try logging to your bank or credit card company’s website, you will see https protocol being used throughout.
Tip – So unless you trust the provider think twice when you enter your password on an HTTP website.