Summary
HTTP (Hypertext Transfer Protocol) defines how clients and servers exchange web content, while HTTPS adds a TLS layer to encrypt that exchange and verify server identity.
What is HTTP / HTTPS?
HTTP is a stateless, application-layer protocol built on top of TCP. A client sends a request with a method (GET, POST, PUT, DELETE, etc.), headers, and an optional body; the server responds with a status code, headers, and the requested resource. HTTP/1.1 introduced persistent connections; HTTP/2 added multiplexing; HTTP/3 replaces TCP with QUIC for lower latency.
HTTPS wraps HTTP inside a TLS handshake. The handshake authenticates the server via a certificate signed by a trusted Certificate Authority, negotiates encryption algorithms, and establishes session keys. All subsequent data is encrypted, preventing eavesdropping and tampering.
Modern web architectures rely heavily on HTTPS not just for security but also for performance features enabled by HTTP/2 and HTTP/3, which require TLS. APIs, microservices, and webhooks all use HTTP/HTTPS as their communication backbone.
Why is HTTP / HTTPS relevant?
- Ubiquity: The universal protocol for web applications, REST APIs, and cloud service communication
- Security: HTTPS ensures data confidentiality, integrity, and server authentication
- SEO and trust: Search engines and browsers actively penalise non-HTTPS sites