Extension of the HTTP communications protocol to support TLS encryption
Internet protocol suite
Application layer
BGP
DHCP (v6)
DNS
FTP
HTTP (HTTP/3)
HTTPS
IMAP
IRC
LDAP
MGCP
MQTT
NNTP
NTP
OSPF
POP
PTP
ONC/RPC
RTP
RTSP
RIP
SIP
SMTP
SNMP
SSH
Telnet
TLS/SSL
XMPP
more...
Transport layer
TCP
UDP
DCCP
SCTP
RSVP
QUIC
more...
Internet layer
IP
v4
v6
ICMP (v6)
NDP
ECN
IGMP
IPsec
more...
Link layer
ARP
Tunnels
PPP
MAC
more...
v
t
e
HTTP
Persistence
Compression
HTTPS
QUIC
Request methods
OPTIONS
GET
HEAD
POST
PUT
DELETE
TRACE
CONNECT
PATCH
Header fields
Cookie
ETag
Location
HTTP referer
DNT
X-Forwarded-For
Response status codes
301 Moved Permanently
302 Found
303 See Other
403 Forbidden
404 Not Found
451 Unavailable for Legal Reasons
Security access control methods
Basic access authentication
Digest access authentication
Security vulnerabilities
HTTP header injection
HTTP request smuggling
HTTP response splitting
HTTP parameter pollution
v
t
e
Hypertext Transfer Protocol Secure (HTTPS) is an extension of the Hypertext Transfer Protocol (HTTP). It uses encryption for secure communication over a computer network, and is widely used on the Internet.[1][2] In HTTPS, the communication protocol is encrypted using Transport Layer Security (TLS) or, formerly, Secure Sockets Layer (SSL). The protocol is therefore also referred to as HTTP over TLS,[3] or HTTP over SSL.
The principal motivations for HTTPS are authentication of the accessed website and protection of the privacy and integrity of the exchanged data while it is in transit. It protects against man-in-the-middle attacks, and the bidirectional block cipher encryption of communications between a client and server protects the communications against eavesdropping and tampering.[4][5] The authentication aspect of HTTPS requires a trusted third party to sign server-side digital certificates. This was historically an expensive operation, which meant fully authenticated HTTPS connections were usually found only on secured payment transaction services and other secured corporate information systems on the World Wide Web. In 2016, a campaign by the Electronic Frontier Foundation with the support of web browser developers led to the protocol becoming more prevalent.[6] HTTPS is now used more often by web users than the original, non-secure HTTP, primarily to protect page authenticity on all types of websites, secure accounts, and keep user communications, identity, and web browsing private.
^"Secure your site with HTTPS". Google Support. Google Inc. Archived from the original on 1 March 2015. Retrieved 20 October 2018.
^"What is HTTPS?". Comodo CA Limited. Archived from the original on 12 February 2015. Retrieved 20 October 2018. Hyper Text Transfer Protocol Secure (HTTPS) is the secure version of HTTP [...]{{cite web}}: CS1 maint: unfit URL (link)
^"https URI Scheme". HTTP Semantics. IETF. June 2022. sec. 4.2.2. doi:10.17487/RFC9110. RFC 9110.
^"HTTPS Everywhere FAQ". 8 November 2016. Archived from the original on 14 November 2018. Retrieved 20 October 2018.
^"Usage Statistics of Default protocol https for Websites, July 2019". w3techs.com. Archived from the original on 1 August 2019. Retrieved 20 July 2019.
^"Encrypting the Web". Electronic Frontier Foundation. Archived from the original on 18 November 2019. Retrieved 19 November 2019.
recommended to use HTTP Strict Transport Security (HSTS) with HTTPS to protect users from man-in-the-middle attacks, especially SSL stripping. HTTPS should not...
secure variant named HTTPS is used by more than 85% of websites. HTTP/2, published in 2015, provides a more efficient expression of HTTP's semantics "on the...
communications, the HTTP 404, 404 not found, 404, 404 error, page not found, or file not found error message is a hypertext transfer protocol (HTTP) standard response...
The HTTP response status code 303 See Other is a way to redirect web applications to a new URI, particularly after a HTTP POST has been performed, since...
The 502 Bad Gateway error is an HTTP status code that occurs when a server acting as a gateway or proxy receives an invalid or faulty response from another...
such as when using Google Search with HTTPS. Most web servers maintain logs of all traffic, and record the HTTP referrer sent by the web browser for each...
The HTTP response status code 302 Found is a common way of performing URL redirection. The HTTP/1.0 specification (RFC 1945) initially defined this code...
on HTTPS". Retrieved 16 August 2016. Goodin, Dan (3 August 2016). "HEIST exploit — New attack steals SSNs, e-mail addresses, and more from HTTPS pages"...
HTTP 403 is an HTTP status code meaning access to the requested resource is forbidden. The server understood the request, but will not fulfill it, if...
HTTP persistent connection, also called HTTP keep-alive, or HTTP connection reuse, is the idea of using a single TCP connection to send and receive multiple...
DNS over HTTPS (DoH) is a protocol for performing remote Domain Name System (DNS) resolution via the HTTPS protocol. A goal of the method is to increase...
provided. 497 HTTP Request Sent to HTTPS Port An expansion of the 400 Bad Request response code, used when the client has made a HTTP request to a port...
websites using SSL or TLS (i.e. HTTPS). Proxy servers may also limit connections by only allowing connections to the default HTTPS port 443, whitelisting hosts...
HTTP by default, and can be configured to use it on HTTPS. IBM CICS 3.1 supports HTTP pipelining within its client. Testing tools which support HTTP pipelining...
attacker.com server. If the attacker's malicious posting is on an HTTPS website https://www.example.com, secure cookies will also be sent to attacker.com...
HTTP Flood is a type of Distributed Denial of Service (DDoS) attack in which the attacker manipulates HTTP and POST unwanted requests in order to attack...
HTTP Message Body is the data bytes transmitted in an HTTP transaction message immediately following the headers if there are any (in the case of HTTP/0...
HTTP response splitting is a form of web application vulnerability, resulting from the failure of the application or its environment to properly sanitize...
of the location is expanded by the client to https://www.example.com/articles/. A client request for https://www.example.com/blog/latest may get a server...
increased use of HTTPS and is designed to force the usage of HTTPS automatically whenever possible. The code, in part, is based on NoScript's HTTP Strict Transport...
HTTP authentication may refer to: Basic access authentication Digest access authentication This disambiguation page lists articles associated with the...
The Wayback Machine is a digital archive of the World Wide Web founded by the Internet Archive, an American nonprofit organization based in San Francisco...
selecting an HTTP (not HTTPS) URL to the site, the client, such as a Web browser, will automatically upgrade to HTTPS without making an HTTP request, thereby...
Global Information