Hypertext Transfer Protocol Secure (HTTPS)
Information resource on HTTPS
Last updated 20 January 2025
What is HTTPS?
Hypertext transfer protocol secure (HTTPS) is the secure encrypted version of HTTP, the primary protocol used to send data between a web browser and a website. This is particularly important when users transmit sensitive data, such as logging into a bank account, email service, or health insurance provider.
Any website, especially those that require login credentials, should use HTTPS. In modern web browsers such as Chrome, websites that do not use HTTPS are marked differently than those that are. Web browsers take HTTPS seriously, look for a green padlock in the URL bar to signify that the webpage is secure.
Why is HTTPS important?
HTTPS prevents websites from having their information broadcasted in a way that is easily viewed by anyone snooping on the network. When information is sent over regular HTTP, the data is broken into packets of data that can be easily "sniffed" using free software. This makes communication over an insecure medium, such as public Wi-Fi, highly vulnerable to interception. All communications that occur over HTTP occur in plain text, making them highly accessible to anyone with the correct tools, and vulnerable to on-path attacks.
How does HTTPS work?
HTTPS keeps the information secret by encrypting it as data moves between the browser and the website's server. This ensures that external parties are unable to decipher the transmitted information. An external party could include an Internet Service Provider (ISP), a hacker, or anyone else who manages to position themselves between user and the web server.
High-level explanation
Encryption enhances the security of HTTP communication traffic between parties.
Hyperlinks
Adoption statistics
Let’s Encrypt: HTTPS Adoption Statistics (Firefox)
References
Cloudflare: What is HTTPS?
Mozilla: SSL Configuration Generator
Bettercrypto.org: Applied Crypto Hardening