Key Takeaways

  • HTTP sends data in plain text (readable by anyone).
  • HTTPS encrypts data, making it unreadable to eavesdroppers.
  • Look for the Padlock icon in your browser address bar.
  • Warning: Phishing sites CAN have HTTPS too. It doesn't mean the site is "honest", just "encrypted".

HTTP is like sending a postcard; everyone can read it. HTTPS is like sending a heavy armored truck.

The 'S' stands for Secure

HTTPS (Hypertext Transfer Protocol Secure) uses encryption (TLS/SSL) to scramble data moving between your browser and the website server.

If you enter your credit card on an HTTP site, anyone on the Wi-Fi (the hacker at Starbucks, your ISP) can see the numbers in plain text. On HTTPS, they just see a jumbled mess of random characters.

The Padlock

Browsers indicate HTTPS with a padlock icon. If a site says "Not Secure" in the address bar, generally do not enter any personal information there.

Is HTTPS unhackable?

No. HTTPS protects the transport of data. It does not guarantee the website itself is safe (a phishing site can have HTTPS) or that the server won't get hacked later.

Frequently Asked Questions (FAQ)

What is SSL/TLS?
TLS (Transport Layer Security) is the modern name for SSL. It is the cryptographic protocol that powers the 'Lock' icon in HTTPS.
Why is HTTP deprecated?
Because modern browsers (Chrome, Firefox) flag standard HTTP sites as "Not Secure" to warn users. Most modern web features (Camera, Mic, Geolocation) require HTTPS to work.

Are we secure?
Yes, look for the padlock!