⚖ HTTP vs HTTPS — Side by Side
// WHAT CHANGES WHEN YOU ADD TLS ENCRYPTION
⚠ Not Secure
Your browser shows this warning because the connection is unencrypted. Any data you submit — including passwords — travels in plain text that anyone on the network can read.
This is the current page you are on.
Your browser shows this warning because the connection is unencrypted. Any data you submit — including passwords — travels in plain text that anyone on the network can read.
This is the current page you are on.
✔ Connection is secure
HTTPS with TLS encrypts your connection end-to-end. Intercepted packets are unreadable ciphertext. The padlock confirms a valid certificate from a trusted authority.
What the Boogle demo would need to be truly safe.
HTTPS with TLS encrypts your connection end-to-end. Intercepted packets are unreadable ciphertext. The padlock confirms a valid certificate from a trusted authority.
What the Boogle demo would need to be truly safe.
| Property | 🔓 HTTP | 🔒 HTTPS (TLS) |
|---|---|---|
| Encryption | NONE — all data is plaintext | TLS 1.3 — AES-256-GCM or ChaCha20 |
| Default Port | 80 (or custom, e.g. 8080) | 443 |
| Password Visible to MITM | YES — instantly readable | NO — encrypted ciphertext |
| Cookies / Session Tokens | EXPOSED — attackers can hijack sessions | PROTECTED — encrypted in transit |
| Content Tampering | POSSIBLE — attacker can inject code into pages | PREVENTED — TLS integrity check (AEAD) |
| Server Identity Verified | NO — no certificate required | YES — cert issued by trusted CA |
| IP-Only Hosting | Works fine — but forces plaintext | Public CAs won't issue certs for bare IPs (self-signed only) |
| Browser Warning | "Not Secure" in address bar | Padlock icon — green or neutral |
| SEO Impact | Penalized by search engines | Preferred / ranked higher |
| Required For | Nothing — it's the insecure default | HTTP/2, PWAs, geolocation, camera access, service workers |