What is the difference between HTTP and HTTPS?
Quick Answer
HTTP sends data in plain text — anyone on the network path can read or modify it. HTTPS is HTTP sent over a TLS connection, so the same requests and responses are encrypted, checked for tampering, and tied to a verified server identity. HTTPS uses port 443 by default, while HTTP uses port 80.
Detailed Answer
HTTP (HyperText Transfer Protocol) defines how a browser and a server exchange requests and responses. On its own, HTTP has no encryption.
HTTP: Browser --[plain text request/response]--> Server
(port 80 — anyone on the network path can read or change it)
HTTPS: Browser --[TLS-encrypted request/response]--> Server
(port 443 — wrapped in a TLS tunnel first)
HTTPS is not a separate protocol from HTTP. It is HTTP sent through a TLS connection. TLS runs underneath HTTP and adds three things HTTP alone does not have:
- Encryption — the request/response content is unreadable to anyone intercepting the traffic.
- Integrity — any tampering with the data in transit is detected.
- Authentication — the browser can verify the server's identity using its certificate.
In practice: on an HTTP site, a network attacker (for example, on shared public Wi-Fi) can read your login form data or inject their own content into the page. On an HTTPS site, the TLS layer prevents both.
Today almost the entire web runs on HTTPS. Browsers actively mark plain HTTP sites as "Not Secure," especially for anything involving forms or logins.