HTTPS
What is HTTPS?
HTTPSHTTP carried over a TLS-protected connection, providing confidentiality, integrity, and server authentication for web traffic.
HTTPS is HTTP running on top of TLS (RFC 9110, RFC 2818, RFC 9112) and traditionally listens on TCP port 443. Before any HTTP request is exchanged, client and server complete a TLS handshake in which the server proves its identity via an X.509 certificate issued by a trusted Certificate Authority, and both sides negotiate session keys. The resulting channel encrypts request and response bodies, headers, URLs (path and query), and cookies, while integrity-protecting them against in-network tampering. HTTPS is now the default for the modern web and is reinforced by complementary controls such as HSTS, certificate pinning, OCSP, and Certificate Transparency.
● Examples
- 01
A browser loading https://example.com after validating a TLS certificate signed by a public CA.
- 02
An HTTPS-only API enforcing HSTS so clients refuse to fall back to plaintext HTTP.
● Frequently asked questions
What is HTTPS?
HTTP carried over a TLS-protected connection, providing confidentiality, integrity, and server authentication for web traffic. It belongs to the Network Security category of cybersecurity.
What does HTTPS mean?
HTTP carried over a TLS-protected connection, providing confidentiality, integrity, and server authentication for web traffic.
How do you defend against HTTPS?
Defences for HTTPS typically combine technical controls and operational practices, as detailed in the full definition above.
What are other names for HTTPS?
Common alternative names include: HTTP Secure, HTTP over TLS.