HTTPS is HTTP traffic carried over an encrypted TLS connection — not a separate protocol but simply 'HTTP over TLS'.
It provides three security properties: confidentiality (no eavesdropping), integrity (tampering is detected), and server authentication (you're really talking to the domain you think you are).
HTTPS uses port 443 by default. The connection opens with a TLS handshake that validates the server's certificate and negotiates session keys, after which all HTTP messages are encrypted. Browsers verify that the certificate chain leads to a trusted Certificate Authority (CA), so users can trust that the domain they reached is genuinely owned by that domain's operator.
HTTPS is now a prerequisite for SEO ranking and for many browser features (HTTP/2, service workers, geolocation), and free CAs like Let's Encrypt made it the default. Note that HTTPS protects only data in transit — it does not secure data at rest on the server or fix application flaws like XSS. The risk of an initial plaintext redirect is mitigated by HSTS.