HTTPS

Protocol

Overview

HTTPS is HTTP traffic carried over an encrypted TLS connection — not a separate protocol but simply 'HTTP over TLS'.

It provides three security properties: confidentiality (no eavesdropping), integrity (tampering is detected), and server authentication (you're really talking to the domain you think you are).

Details

HTTPS uses port 443 by default. The connection opens with a TLS handshake that validates the server's certificate and negotiates session keys, after which all HTTP messages are encrypted. Browsers verify that the certificate chain leads to a trusted Certificate Authority (CA), so users can trust that the domain they reached is genuinely owned by that domain's operator.

HTTPS is now a prerequisite for SEO ranking and for many browser features (HTTP/2, service workers, geolocation), and free CAs like Let's Encrypt made it the default. Note that HTTPS protects only data in transit — it does not secure data at rest on the server or fix application flaws like XSS. The risk of an initial plaintext redirect is mitigated by HSTS.

Related types