HTTPS
HTTPS is HTTP with a layer of cryptographic encryption, keeping passwords and user data safe from eavesdroppers.
Diagram
Client Server ββββββ ββββββ β TLS Handshake β βββββββββ Hello βββββββββββββββΆβ βββββββββ Certificate ββββββββββ (identity proof) βββββββββ Session Key βββββββββΆβ (encrypted key exchange) β β β All further traffic is β β encrypted with session key β ββββββββββββββββββββββββββββββββΆβ
In Depth
HTTPS stands for HyperText Transfer Protocol Secure. It is simply standard HTTP traffic wrapped inside a secure, encrypted tunnel managed by the TLS (Transport Layer Security) protocol.
Code Example
Security headers enforced over HTTPS
HTTP/2 200 OK Strict-Transport-Security: max-age=31536000; includeSubDomains Content-Security-Policy: default-src 'self' X-Frame-Options: DENY
β οΈ Common Misconception
HTTPS does not mean a website is safe to trust. A malicious or scam website can easily obtain a free TLS certificate and run over HTTPS. It only means the connection is encrypted, not that the content is honest.
π Real World Usage
All payment transactions, logins, and API transfers require HTTPS. Search engines down-rank pages that do not implement HTTPS, and modern browsers display active security warnings on standard HTTP links.
Related Terms