What Is HTTPS?
Learn how encryption keeps your data private as it travels across the internet — and why the padlock matters.
HTTPS stands for Hypertext Transfer Protocol Secure. It is the encrypted version of HTTP — the set of rules that browsers and servers use to communicate. When you see a padlock in your browser's address bar, HTTPS is working.
Without encryption, any data you send — passwords, credit card numbers, private messages — travels across the internet as plain text. Anyone watching the network can read it. HTTPS scrambles that data so only the intended recipient can unscramble it.
HTTP — Unencrypted
- ✗ Data sent as plain text — readable by anyone
- ✗ No verification of website identity
- ✗ Vulnerable to eavesdropping and tampering
- ✗ Modern browsers warn users or block the page
HTTPS — Encrypted
- ✓ Data scrambled — unreadable to eavesdroppers
- ✓ Website identity verified by a certificate
- ✓ Protected against tampering during transit
- ✓ Required for modern web features
How TLS Encryption Works
TLS — Transport Layer Security — is the encryption protocol that powers HTTPS. It uses two types of keys: a public key (shared freely) and a private key (kept secret by the server). Data encrypted with the public key can only be decrypted with the private key.
The Handshake
When your browser connects to an HTTPS site, a "TLS handshake" happens in milliseconds. Your browser verifies the site's SSL certificate, generates a session key, and encrypts all traffic — all before a single byte of your data is sent.
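The checks a client makes during that handshake, as an added example that is not part of the original page: Python's standard `ssl` module is configured to require a valid certificate chain and a matching hostname, then reports what was negotiated. The helper names (`strict_context`, `summarize_cert`, `probe`) and the `example.test` sample certificate are constructed for illustration.

```python
import socket
import ssl
import time

def strict_context():
    """Client settings that mirror what a browser enforces during the handshake."""
    ctx = ssl.create_default_context()            # loads the system's trusted CA roots
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # refuse obsolete protocol versions
    # Both are already the defaults; stated explicitly because they are the
    # authentication step: the chain must verify AND the name must match.
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    return ctx

def summarize_cert(cert, now=None):
    """Reduce a getpeercert() dict to the fields worth checking."""
    now = time.time() if now is None else now
    names = [v for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"]
    issuer = dict(rdn[0] for rdn in cert.get("issuer", ()))
    expires = ssl.cert_time_to_seconds(cert["notAfter"])
    return {
        "dns_names": names,
        "issuer": issuer.get("organizationName", issuer.get("commonName")),
        "days_left": int((expires - now) // 86400),
    }

def probe(host, port=443, timeout=5.0):
    """Perform a real handshake; raises ssl.SSLCertVerificationError on a bad cert."""
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with strict_context().wrap_socket(raw, server_hostname=host) as tls:
            info = summarize_cert(tls.getpeercert())
            info["protocol"] = tls.version()      # e.g. "TLSv1.3"
            info["cipher"] = tls.cipher()[0]
            return info

# Constructed sample in the shape getpeercert() returns (not a real certificate).
SAMPLE_CERT = {
    "subject": ((("commonName", "example.test"),),),
    "issuer": ((("countryName", "US"),), (("organizationName", "Example CA"),)),
    "notAfter": "Jan 31 00:00:00 2030 GMT",
    "subjectAltName": (("DNS", "example.test"), ("DNS", "www.example.test")),
}

if __name__ == "__main__":
    fixed_now = ssl.cert_time_to_seconds("Jan  1 00:00:00 2030 GMT")
    print(summarize_cert(SAMPLE_CERT, now=fixed_now))
```

Calling `probe()` against a host you operate performs the live handshake; an expired, self-signed, or wrong-name certificate makes it raise instead of returning.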
The Three Protections of HTTPS
HTTPS does three things simultaneously every time you load a secure page.
Encryption
Nobody can read your data while it travels between you and the server. Not your ISP, not the coffee shop WiFi, not hackers on the same network.
Integrity
Data cannot be modified in transit without detection. A hacker cannot inject malicious code into a page you are loading without the browser knowing.
Authentication
You can verify you are talking to the real website — not an imposter pretending to be your bank. SSL certificates are issued by trusted Certificate Authorities.
Free and Automatic
You used to pay for SSL certificates. Today, Let's Encrypt provides them free, and most hosting providers install them automatically. There is no excuse for not having HTTPS in 2026.
What HTTPS Looks Like
When you visit a secure site, your browser shows you several signals. Here is what to look for.
# Secure — look for these signals:
🔒 padlock icon in the address bar
https:// in the URL (not http://)
sidequest.rdy.ws — verified domain name

# Insecure — warning signs:
⚠️ "Not Secure" label in Chrome
http:// in the URL
❌ padlock is broken or missing
Modern Web Requirements
Features like HTTP/2, HTTP/3, service workers, and geolocation all require HTTPS. If you are building any web app today, HTTPS is not optional — it is the baseline.
Knowledge Check
Test what you learned about HTTPS and web security.
3 Questions
What does the S in HTTPS stand for?
What is the main purpose of TLS in HTTPS?
What does an SSL certificate verify?