What is HTTP?

What does HTTP stand for?

HTTP stands for HyperText Transfer Protocol. It serves as a set of rules and guidelines that help web servers provide your browser with everything they need to faithfully display websites on your screen.

Let’s break that down to help understand what HTTP does:

• Hypertext, now better known as hypermedia, is any type of media – text, images, video and audio – that can contain connections to other types of media. Hypermedia is what we expect when we visit a website – text, images and sounds that we can interact with or navigate between.
• Transfer Protocol: HTTP is a network protocol, so it governs the transfer of information between devices (usually a web server and your browsing device). It works on the application layer, meaning that it is run by a browser or other app designed to display websites.

How does HTTP work?

HTTP essentially works on a request-response basis. Your actions, like clicking on a button or even entering the website’s URL, are translated into HTTP requests. The server then sends HTTP responses to fulfill your requests, allowing your browser to display the website.

Is HTTP secure?

Unfortunately, HTTP is not a secure protocol. There are two key reasons for this:

1. Outdated: HTTP has been around for a long time, so hackers and other cybercriminals have had more time to discover vulnerabilities and develop attacks.
2. Unsecured: HTTP lacks basic modern security features that updated protocols or security tools offer.

In fact, many HTTP security vulnerabilities are quite well-documented. Some of the most common or major ones include:

• SQL injection;
• Cross-site scripting;
• MITM attacks.

How to secure your browsing activity

There are a few different ways to improve your cybersecurity and overcome the security flaws of HTTP.

• Use HTTPS: Start with yourself – be a conscious internet user and avoid HTTP sites whenever possible. If a site that manages sensitive data (like financial transactions) uses HTTP, they aren’t taking your security seriously. The HTTPS protocol achieves the same ends, but it has vastly expanded security features.
• Use secure browser extensions: Most users primarily use HTTP in their browsers, and there are tons of browser extensions that can improve your security. In fact, there are some whose entire function is to force HTTPS-capable websites to use HTTPS with you whenever possible. We’ve got a post all about privacy-oriented browser extensions.
• Use a VPN: A VPN won’t protect against attacks that undermine HTTP’s security at the website or in your browser, but it will ensure that your HTTP traffic will remain secure as it travels to your device. NordVPN even has a feature called Threat Protection that can help protect you from some of the attacks that HTTP is vulnerable to. Threat Protection will also give you more online privacy by snipping off tracking parameters websites add to URLs. These trackers may reveal a lot of information about you to marketers, analysts, and other third parties. The URL trimmer helps you keep this information and your online habits to yourself.