HTTP and HTTPS both are application layer protocols with a difference in between them .
HTTP | HTTPS |
---|---|
HTTP stands for HyperText Transfer Protocol. | HTTPS stands for HyperText Transfer Protocol Secure or HTTP over SSL and HTTP over TLS. |
In HTTP there is no encryption of data . So the data is vulnerable to eavesdropping and tampering . | HTTPS consists of communication over HTTP within a connection encrypted by Transport Layer Security or its predecessor, Secure Sockets Layer. |
HTTP URLs begin with "http://" and use port 80 by default. | HTTPS URLs begin with "https://" and use port 443 by default. |
HTTP is insecure and is vulnerable to man-in-the-middle attacks, which can let attackers gain access to website accounts and sensitive information, and modify webpages to inject malware or advertisements. | HTTPS is secure and designed to withstand such attacks. |