Tech Terms Explained Open in the app →

HTTPS

Security · Beginner · 4 min read

What is it?

HTTPS is HTTP with encryption, so data exchanged between your browser and a website can't be read or tampered with in transit.

Explain like I'm 5

HTTPS is like sending your message in a locked box only the recipient can open, instead of writing it on a postcard anyone can read.

Why was it created?

Plain HTTP sends data in the open, so anyone on the network could read passwords or alter pages. HTTPS adds encryption and verification to fix that.

Where is it used?

  • Every modern website
  • Login and payment pages
  • APIs handling private data
  • Anywhere a browser address bar shows a padlock

Why should developers care?

Browsers now flag non-HTTPS sites as 'Not Secure'. Knowing how it works is essential for building trustworthy web apps.

How does it work?

HTTPS wraps HTTP inside TLS. The site presents a certificate proving its identity, the two sides agree on encryption keys, and all further traffic is scrambled so eavesdroppers can't read it.

Real-world example

On a banking site, HTTPS encrypts your login so someone sharing the same Wi-Fi can't capture your password.

Common use cases

  • Protecting passwords and payments
  • Securing API traffic
  • Verifying a site's identity
  • Meeting modern browser and SEO requirements

Advantages

  • Encrypts data in transit
  • Verifies server identity
  • Prevents tampering
  • Now expected by browsers and search engines

Disadvantages

  • Requires obtaining and renewing certificates
  • Slight setup overhead
  • Misconfiguration can cause warnings

When should you use it?

Always, for any site or API handling real traffic.

When should you avoid it?

There's rarely a good reason to use plain HTTP in production today.

Alternatives

Plain HTTP (insecure — not recommended)

Related terms

HTTPTCPOAuthJWT

Interview questions

Beginner

  • What does HTTPS protect against?
  • What is the padlock icon telling you?

Intermediate

  • What is a TLS certificate?
  • What is the role of a certificate authority?

Senior

  • How does the TLS handshake establish a shared key?
  • What is HSTS and why use it?

Common misconceptions

  • "HTTPS means a site is safe to trust" — it means the connection is encrypted, not that the site is honest.
  • "HTTPS hides which site you visit" — the domain can still be visible; the content is what's encrypted.

Fun facts

  • The 'S' stands for Secure.
  • Free, automated certificates dramatically increased HTTPS adoption across the web.

Timeline

  • 1994 — Early secure web transport introduced
  • 2010s — HTTPS becomes the web-wide default

Learning resources

Quick summary

HTTPS encrypts HTTP traffic with TLS, protecting data from eavesdropping and tampering and verifying site identity.

Cheat sheet

  • HTTP + TLS encryption
  • Certificate proves site identity
  • Protects data in transit
  • Expected on every modern site

If you remember only one thing

HTTPS is HTTP with encryption — always use it in production.