What is the difference between HTTP and HTTPS protocol?

"s" indicates that the site is secure. This is important when doing any type of transaction.

HTTP is the standard Hyper Text Transfer Protocol, and everything it sends is clear text. HTTPS adds 'Secure' to that, and it uses PKI/Certificate technology to encrypt the data that it sends.

HTTPS would usually be the method of choice, especially in environments where you would be sending confidential information, like login/password credentials, banking, online purchases, etc, to prevent anyone with a wire or wireless sniffer from reading the data packets to 'steal' your information.

also bear in mind that HTTPS is *more* secure, not 100% secure. HTTPS depends on the integrity of the SSL certificate authority and certificate issued

While, as others point out, HTTPS is secure, HTTP and HTTPS are two totally different communications. HTTP uses TCP port 80 and HTTPS uses TCP port 443...and never the twain shall meet. Further what makes HTTPS more secure is that it must incorporate a protocol that is not present with HTTP, the SSL or Secure Sockets Layer protocol to transport data securely. SSL takes the same data that HTTP might transport and encrypts it, using a mathematical algorithm to disguise the data. The key is the complexity of the algorithm being used, which can range from extremely difficult to impossible to crack.

Compare HTTP and HTTPS to a 8 character password that uses letters only and a 13 character password using upper and lower case, symbols and numbers. One is simple to crack while the other is impossible (or impossible in thousands of lifetimes) to crack. The 8 character password using only letters will take a few minutes to crack while the 13 character password will take about 75,000 years, running 24/7 at 200,000,000 keys per second to crack.

Anyway, hope that helps.

Experts Erik and Mark are correct with their answers and opinions. Here is some follow-up information if you are interested. I would visit the RFC links if you really want to get down to the gears.

--HTTP--

Standard Port: 80
Encryption: None

Taken from the abstract of RFC2616 :
"The Hypertext Transfer Protocol (HTTP) is an application-level
protocol for distributed, collaborative, hypermedia information
systems. It is a generic, stateless, protocol which can be used for
many tasks beyond its use for hypertext, such as name servers and
distributed object management systems, through extension of its
request methods, error codes and headers. A feature of HTTP is
the typing and negotiation of data representation, allowing systems
to be built independently of the data being transferred."

--HTTPS--

Standard Port: 443
Encryption: SSL/TLS via PKI from a Trusted Certificate Authority

Taken from the Introduction of RFC18
"HTTP [RFC2616] was originally used in the clear on the Internet.
However, increased use of HTTP for sensitive applications has
required security measures. SSL, and its successor TLS [RFC2246] were
designed to provide channel-oriented security. This document
describes how to use HTTP over TLS."

HTTP stands for HyperText Transfer Protocol, which is just a fancy way of saying it's a protocol (a language, in a manner of speaking) for information to be passed back and forth between web servers and clients.

You really don't need to know what it all stands for; the important thing is the letter S which makes the difference between HTTP and HTTPS. The S (big surprise) stands for "Secure". You probably didn't need me to tell you that, because you already knew it had something to do with security.

For more information: http://www.techyv.com/questions/whats-really-difference-between-http-and-https