Editing HTTPS (section)

{{Short description|HTTP extension supporting TLS encryption}}
{{pp-pc}}
{{Use dmy dates|date=November 2021}}
{{IPstack}}
{{HTTP}}

'''Hypertext Transfer Protocol Secure''' ('''HTTPS''') is an extension of the [[Hypertext Transfer Protocol]] (HTTP). It uses [[encryption]] for [[Secure communications|secure communication]] over a [[computer network]], and is widely used on the [[Internet]].<ref>{{cite web |url=https://support.google.com/webmasters/answer/6073543?hl=en |publisher=Google Inc. |work=Google Support |access-date=20 October 2018 |title=Secure your site with HTTPS |archive-url=https://web.archive.org/web/20150301023624/https://support.google.com/webmasters/answer/6073543?hl=en |archive-date=1 March 2015 |url-status=live }}</ref><ref>{{cite web |url=https://www.instantssl.com/ssl-certificate-products/https.html |publisher=[[Comodo Group|Comodo CA Limited]] |quote=Hyper Text Transfer Protocol Secure (HTTPS) is the secure version of HTTP [...] |access-date=20 October 2018 |title=What is HTTPS? |url-status=unfit |archive-url=https://web.archive.org/web/20150212105201/https://www.instantssl.com/ssl-certificate-products/https.html |archive-date=12 February 2015 }}</ref> In HTTPS, the [[communication protocol]] is encrypted using [[Transport Layer Security]] (TLS) or, formerly, [[Secure Sockets Layer]] (SSL). The protocol is therefore also referred to as '''HTTP over TLS''',<ref>{{cite IETF |title=HTTP Semantics |rfc=9110 |sectionname=https URI Scheme |section=4.2.2 |date=June 2022 |publisher=[[Internet Engineering Task Force|IETF]]}}</ref> or '''HTTP over SSL'''.

The principal motivations for HTTPS are [[authentication]] of the accessed [[website]] and protection of the [[Information privacy|privacy]] and [[Data integrity|integrity]] of the exchanged data while it is in transit. It protects against [[man-in-the-middle attack]]s, and the bidirectional [[Block cipher mode of operation|block cipher encryption]] of communications between a client and server protects the communications against [[eavesdropping]] and [[Tamper-evident#Tampering|tampering]].<ref name=httpse>{{cite web |url=https://www.eff.org/https-everywhere/faq |title=HTTPS Everywhere FAQ |access-date=20 October 2018 |archive-url=https://web.archive.org/web/20181114011956/https://www.eff.org/https-everywhere/faq/ |archive-date=14 November 2018 |url-status=live |date=8 November 2016}}</ref><ref>{{Cite web|url=https://w3techs.com/technologies/details/ce-httpsdefault/all/all|title=Usage Statistics of Default protocol https for Websites, July 2019|website=w3techs.com|access-date=20 July 2019|archive-url=https://web.archive.org/web/20190801134536/https://w3techs.com/technologies/details/ce-httpsdefault/all/all|archive-date=1 August 2019|url-status=live}}</ref> The authentication aspect of HTTPS requires a trusted third party to sign server-side [[Public key certificate|digital certificates]]. This was historically an expensive operation, which meant fully authenticated HTTPS connections were usually found only on secured payment transaction services and other secured corporate information systems on the [[World Wide Web]]. In 2016, a campaign by the [[Electronic Frontier Foundation]] with the support of [[web browser]] developers led to the protocol becoming more prevalent.<ref>{{cite web |title=Encrypting the Web |url=https://www.eff.org/encrypt-the-web |website=Electronic Frontier Foundation |access-date=19 November 2019 |archive-url=https://web.archive.org/web/20191118094200/https://www.eff.org/encrypt-the-web |archive-date=18 November 2019 |url-status=live }}</ref> HTTPS is since 2018<ref>{{Cite web|url=https://www.welivesecurity.com/2018/09/03/majority-worlds-top-websites-https/|title=Majority of the world’s top million websites now use HTTPS|website=welivesecurity.com|access-date=22 May 2025}}</ref> used more often by web users than the original, non-secure HTTP, primarily to protect page authenticity on all types of websites, secure accounts, and keep user communications, identity, and web browsing private.