Glossary

HTTPS

HTTPS is HTTP layered over TLS encryption, so data exchanged between browser and website stays private, authenticated, and tamper-proof.

HTTPS (HyperText Transfer Protocol Secure) is ordinary http carried inside an encrypted ssl-tls tunnel. It is the default scheme for the modern web and is signalled by the padlock icon and the https:// prefix.

What changes versus HTTP

All request and response data is encrypted.
The server's identity is verified by a TLS certificate.
Default port shifts from 80 to 443.

Why it matters for hosting

Browsers now treat plain HTTP as insecure, search engines favour HTTPS, and many APIs and browser features (geolocation, service workers, http-2) require it. Most hosts and CDNs offer free automatic certificates, so enabling HTTPS is usually a one-click step.

To stop visitors ever reaching the insecure version, pair HTTPS with hsts, which instructs browsers to always upgrade requests to secure connections.

See also

SSL/TLS SSL/TLS is the encryption protocol that secures connections between browsers and servers, enabling HTTPS and protecting data in transit. HSTS (HTTP Strict Transport Security) HSTS is a security header that tells browsers to only ever connect to a site over HTTPS, preventing downgrade and cookie-hijacking attacks. HTTP/2 HTTP/2 is a major revision of HTTP that multiplexes many requests over one connection, reducing latency versus the older HTTP/1.1. Caching Caching stores copies of data or pages so repeat requests are served instantly, reducing server work and dramatically speeding up websites.

← All terms