HTTP transmits data as unencrypted plaintext, which exposes sensitive information — passwords, account numbers, and transaction records — to interception, theft, or modification. HTTPS solves this by layering encryption on top of HTTP using the Secure Sockets Layer (SSL) protocol: HTTPS = HTTP + SSL.
When an SSL Certificate is installed on a website, the browser and web server establish an SSL-encrypted channel for all HTTPS traffic. This channel provides strong bidirectional encryption, preventing data from being read or altered in transit.
Key differences
| Feature | HTTP | HTTPS |
|---|---|---|
| Data protection | None — data is transmitted as plaintext | SSL encryption protects data in transit |
| Identity verification | No verification | SSL Certificate validates the site's identity |
| Data integrity | No protection | Encryption prevents data from being altered |
| Default port | 80 | 443 |
| Browser indicator | "Not Secure" warning | Padlock icon |
Why plaintext is risky
Without encryption, anyone monitoring the network can read and modify data in transit. This type of attack is called a man-in-the-middle (MITM) attack. The difference between encrypted and unencrypted data is stark:
| State | Example |
|---|---|
| Before encryption (HTTP) | username=alice&password=hunter2 |
| After encryption (HTTPS) | Kj7Hb2VnLp9TyiExfGt3lWvErQnBfFklYgkD9p5zxZbKaPzL |
Next steps
To enable HTTPS on your website, install an SSL Certificate on your web server.