HTTPS (HyperText Transfer Protocol Secure) is the secure version of HTTP. It uses SSL/TLS encryption to protect all data transferred between a user's browser and a web server, preventing interception, eavesdropping and tampering.
HTTP vs HTTPS
- HTTP sends data in plain text — readable by anyone on the same network.
- HTTPS encrypts data — unreadable without the decryption key.
- HTTP uses port 80; HTTPS uses port 443.
Why HTTPS Matters
- Security — Protects passwords, payment details and personal data from interception.
- SEO — Google uses HTTPS as a ranking signal. HTTP sites rank lower.
- User trust — Browsers show a padlock for HTTPS and a "Not secure" warning for HTTP.
- Compliance — PCI-DSS (payment cards) and GDPR both require encrypted connections.
How HTTPS Works
When you visit an HTTPS site, the browser and server perform a TLS handshake: they exchange certificates, verify identity and negotiate an encryption algorithm. All subsequent data is encrypted for that session.
Common Misconception
HTTPS means the connection is encrypted — it does not guarantee the website itself is legitimate. Phishing sites can and do use HTTPS. Always verify the domain name, not just the padlock.