Back to Support

HTTP vs HTTPS - what’s the difference?

Published 05 Nov 2020 by Ellice Eadie, CANDDi
Read this in about 2 minutes

What is it?

HTTP (HyperText Transfer Protocol) was originally introduced in order for network administrators to share information between websites and browsers.

In recent years, most websites have begun to use HTTPS (HyperText Transfer Protocol Secure) for better security. HTTPS relies on one of two methods to encrypt and translate information between sites:

Secure Sockets Layer (SSL) or Transport Layer Security (TLS)

These work in the same way by using what is called a Public Key Infrastructure (PKI). Essentially the system uses two “keys” to encrypt information, a public key and a private key.

If something is encrypted with a private key, it can only be unlocked with a public key and vice versa.

http Vs https

So, what’s the benefit?

Anything sent over HTTP is sent in ‘plain text’, meaning it can be intercepted and easily hacked. This poses danger if the information being communicated is highly sensitive i.e credit card information.

The purpose of HTTPS is to encrypt this data, making it impossible for anyone to hack the information even if they were to intercept the connection. This means the data and information sent will stay safe.

There has been a push for as many websites as possible to be switched from HTTP to HTTPS to maintain security across the web, and prevent as many cases of hacking and fraudulent behaviour as possible. Businesses and consumers are becoming more savvy to the benefits of HTTPS as they go about activity online, meaning if you’re not switched over yet you should look at doing so sooner rather than later!

Does this make a difference to my Javasacript?

If you have recently made the move for your website to load on HTTPs instead of HTTP, then you will need to make sure you have the correct CANDDi tracking code in your site.

For example, if the tracking code in your HTTPs site looks like:

<!-- CANDDi -->
<script async type="text/javascript" src="**http:**//">
<noscript style='position: absolute; left: -10px;'>
    <img src=''/>
<!-- /END CANDDi -->

then you will need to remove the ‘http’ so CANDDi can track your HTTPs site as normal.

You may even need to override this setting to make sure ‘http’ isn’t added, so it may be best to get in touch with your IT team to do this.

Have more questions? Contact us at