


Definition
HTTPS (HTTP Secure) is the encrypted version of HTTP. It uses TLS (Transport Layer Security) to encrypt all communication between a browser and a web server, preventing eavesdropping, tampering, and impersonation. HTTPS is identified by the padlock icon in the browser address bar.
HTTPS wraps standard HTTP inside a TLS encryption layer. When you connect to an HTTPS site, a TLS handshake occurs: the server presents a digital certificate (proving it really is who it claims to be), the browser verifies this certificate against trusted Certificate Authorities, and both sides negotiate encryption keys. All subsequent HTTP traffic — URLs, headers, cookies, form data, response bodies — is encrypted and invisible to anyone intercepting the connection.
HTTPS is no longer optional for modern websites. Browsers flag HTTP sites as "Not Secure." Google uses HTTPS as an SEO ranking signal. Many modern web APIs (geolocation, camera, microphone, service workers, push notifications) require a secure context and simply do not work over plain HTTP. Major web platforms require HTTPS for OAuth callbacks, payment processing (PCI compliance), and API integrations.
Let's Encrypt provides free, automated TLS certificates, removing the cost barrier. Most hosting providers and CDNs (Cloudflare, Vercel, Netlify) handle certificate provisioning and renewal automatically. For web developers, the main tasks are ensuring all resources load over HTTPS (no mixed content), setting up HTTP-to-HTTPS redirects, and configuring HSTS (HTTP Strict Transport Security) headers to prevent downgrade attacks.
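The three developer tasks above can be checked mechanically. The following is an added example, not code from the original page: a small offline audit of the HTTP-to-HTTPS redirect, the HSTS header, and mixed content. The function names, the 180-day `max-age` floor, the requirement that the redirect be permanent (301/308), and the sample markup are all assumptions made for illustration.

```python
from html.parser import HTMLParser

SRC_TAGS = {"script", "img", "iframe", "audio", "video", "source", "embed"}
MIN_MAX_AGE = 15552000  # assumed policy floor (180 days); not a value from the page

class _MixedContent(HTMLParser):  # collects subresources that would load over plain HTTP
    def __init__(self):
        super().__init__()
        self.hits = []
    def handle_starttag(self, tag, attrs):
        a = {k: (v or "").strip() for k, v in attrs}
        url = a.get("src") if tag in SRC_TAGS else None
        if tag == "link" and "stylesheet" in a.get("rel", "").lower():
            url = a.get("href")
        if url and url.lower().startswith("http://"):
            self.hits.append((tag, url))

def find_mixed_content(html):
    p = _MixedContent()
    p.feed(html)
    return p.hits

def parse_hsts(value):
    """Return (max_age, include_subdomains), or None if max-age is missing or invalid."""
    max_age, subdomains = None, False
    for part in value.split(";"):
        name, _, arg = part.strip().partition("=")
        if name.strip().lower() == "max-age":
            arg = arg.strip().strip('"')
            if not arg.isdecimal():
                return None
            max_age = int(arg)
        elif name.strip().lower() == "includesubdomains":
            subdomains = True
    return None if max_age is None else (max_age, subdomains)

def audit(http_status, http_location, https_headers, html):
    """Findings for the three tasks; [] means all pass. Header keys must be lowercase."""
    findings = []
    if http_status not in (301, 308) or not http_location.lower().startswith("https://"):
        findings.append("http-redirect: plain HTTP does not permanently redirect to HTTPS")
    hsts = parse_hsts(https_headers.get("strict-transport-security", ""))
    if hsts is None or hsts[0] < MIN_MAX_AGE:
        findings.append("hsts: header missing, invalid, or max-age too short")
    findings += [f"mixed-content: <{t}> loads {u}" for t, u in find_mixed_content(html)]
    return findings

# Constructed sample page: one HTTP script (mixed content) and one HTTPS image.
SAMPLE_HTML = '<script src="http://cdn.example/app.js"></script><img src="https://cdn.example/a.png">'
```

Feed `audit` the status and `Location` from a request to the plain-HTTP URL, plus the headers and body from the HTTPS response; an empty list means the redirect, HSTS, and mixed-content checks all passed.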