An official website of the European Union
EU Internet Standards Deployment Monitoring Website

Web communication standards

HyperText Transfer Protocol (HTTP) is used when we browse the web. New additions have made it more secure – find out more about their uptake below.

HTTP is always operating behind the scenes whenever we browse the web. It is what allows us to view web pages, and sets rules for file transfers so we can see text, images, videos and more. However, it was not built with security in mind. Since its launch, new protocols and functionalities have been added to improve this. These include:

HTTP over Secure Sockets Layer (HTTPS)

Status of the development in the EU

What is it?

HTTPS creates a secure channel for HTTP communications over insecure networks, such as the Internet or public Wi-Fi networks. It does so by adding an encryption layer that encrypts the entire message exchanged using HTTP.

What is the current situation?

In EU Member States, the rate of deployment of HTTPS for websites is high on average, and there is an overall positive trend towards deployment.

HSTS Security response header

Status of the development in the EU

What is it?

The World Wide Web follows the client/server model, in which communication endpoints are divided into clients and servers. For example, a web browser can be considered a client. It initiates connections and sends HTTP requests. Meanwhile, a web server listens for connections and replies with HTTP responses.

HTTP responses may contain HTTP response header fields. These indicate to the web browser how to handle the response, as well as any additional information. One special category of these response headers concerns security – hence the name HTTP security response headers.

One type of security response header, the HTTP Strict Transport Security (HSTS) header, tells the client to access the website using HTTPS, thus forcing the session to be encrypted.
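The check below is an added example, not code from the monitoring website: it reads a response's `Strict-Transport-Security` header the way RFC 6797 tells a browser to and classifies the result. The function names `parse_hsts` and `assess`, the status labels and the sample responses are assumptions made for this illustration.

```python
import re

# Added illustration: evaluate HSTS the way RFC 6797 tells a browser to.
_TOKEN = re.compile(r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+")

def parse_hsts(value):
    """Parse a Strict-Transport-Security value; return a dict, or None if invalid."""
    seen = {}
    # Simplification: split on ';' (a quoted value containing ';' is not handled).
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue  # the grammar allows empty directives
        name, sep, arg = part.partition("=")
        name = name.strip().lower()  # directive names are case-insensitive
        if not _TOKEN.fullmatch(name) or name in seen:
            return None  # malformed or repeated directive invalidates the header
        seen[name] = arg.strip().strip('"') if sep else None
    max_age = seen.get("max-age")
    if max_age is None or not re.fullmatch(r"[0-9]+", max_age):
        return None  # max-age is the one required directive
    return {"max_age": int(max_age),
            "include_subdomains": "includesubdomains" in seen}

def assess(scheme, headers):
    """Classify one response. headers is a list of (name, value) pairs."""
    values = [v for n, v in headers if n.lower() == "strict-transport-security"]
    if not values:
        return "missing"
    if scheme != "https":
        return "ignored"  # browsers disregard HSTS received over plain HTTP
    policy = parse_hsts(values[0])  # only the first such header is processed
    if policy is None:
        return "invalid"
    return "disabled" if policy["max_age"] == 0 else "enabled"

# Constructed sample responses (not measurements from the monitoring site).
SAMPLES = [
    ("https", [("Strict-Transport-Security", "max-age=31536000; includeSubDomains")]),
    ("https", [("Content-Type", "text/html")]),
    ("http",  [("Strict-Transport-Security", "max-age=31536000")]),
    ("https", [("strict-transport-security", "includeSubDomains")]),
    ("https", [("Strict-Transport-Security", "max-age=0")]),
    ("https", [("Strict-Transport-Security", "max-age=600; max-age=900")]),
]

if __name__ == "__main__":
    for scheme, headers in SAMPLES:
        print(scheme, headers, "->", assess(scheme, headers))
```

A header that is present but sent over plain HTTP, missing `max-age`, or set to `max-age=0` gives no protection, so a deployment count based only on the header's presence overstates real coverage.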

What is the current situation?

The rate of deployment of the HTTP Strict Transport Security (HSTS) response header is still low on average in the EU. This low uptake could be due to the lack of proper cybersecurity skills among technical staff in charge of website management.

HTTP version 3 (HTTP/3)

Status of the development in the EU

What is it?

HTTP version 3 (HTTP/3) is the third major version of HTTP. It was developed to improve the speed and security of Internet browsing by using a faster and more secure transport protocol as its base. This is known as Quick UDP Internet Connections (QUIC), and is used instead of Transmission Control Protocol (TCP). QUIC has lower communication delays than TCP and enforces communication encryption through Transport Layer Security (TLS) version 1.3.

What is the current situation?

The deployment of HTTP/3 is still low on average. This could be due to the relative novelty of this version.