HTTPS

Definition

Hypertext Transfer Protocol Secure (HTTPS) is the secure version of HTTP, utilizing SSL/TLS encryption to protect data exchanged between users and

Use Cases

• Cloudflare: Encrypting and accelerating customer website traffic between end users and origin servers — Provides HTTPS by terminating TLS at Cloudflare’s edge, managing certificates (including automated issuance/renewal), and proxying traffic to origins over HTTPS to maintain end-to-end encryption. (Improved security for websites (encrypted traffic in transit) and better performance through edge delivery and optimized connection handling.)
• GitHub: Protecting user logins, sessions, and code browsing on github.com — Serves the site over HTTPS using TLS certificates and enforces secure connections for authenticated user interactions to prevent interception and tampering. (Reduced risk of credential/session theft on untrusted networks and increased user trust through secure-by-default web access.)
• Stripe: Securing payment-related web traffic and API calls — Uses HTTPS/TLS for its dashboards and APIs so that sensitive data (tokens, requests, responses) is encrypted in transit between clients and Stripe’s servers. (Helps protect sensitive financial interactions from eavesdropping and manipulation, supporting secure online payments at scale.)

Frequently Asked Questions

What's the difference between HTTPS and HTTP?

HTTP sends data in plain text, so someone on the network could potentially read or change it. HTTPS is HTTP over TLS (often called SSL), which encrypts the connection and helps ensure the website you reached is authentic.

When should I use HTTPS?

Use HTTPS for all websites and APIs, especially anywhere users log in, submit forms, make payments, or send personal data. In practice, modern best practice is to enable HTTPS everywhere and redirect HTTP to HTTPS.

How much does HTTPS cost?

The HTTPS protocol itself is free, but you need a TLS certificate and infrastructure to serve it. Certificates can be free (for example, from Let’s Encrypt) or paid (often for added validation or support). You may also pay for a load balancer, CDN, or managed certificate service depending on your architecture and traffic volume.

Category: security

Difficulty: basic

Related Terms

• SSL
• TLS
• HTTP
• Encryption

See Also

• Password
• Firewall
• CloudTrail
• IAM
• Active Directory