Hypertext Transfer Protocol Secure (HTTPS) is an extension of the Hypertext Transfer Protocol (HTTP).
It uses encryption for secure communication over a computer network.

In HTTPS, the communication protocol is encrypted using Transport Layer Security (TLS) or, formerly, Secure Sockets Layer (SSL).
The protocol is therefore also referred to as HTTP over TLS, or HTTP over SSL.

The authentication aspect of HTTPS requires a trusted third party to sign server-side digital certificates.

HTTPS creates a secure channel over an insecure network.

The entirety of the underlying HTTP protocol can be encrypted.
This includes:

  • the request's URL,
  • query parameters,
  • headers,
  • cookies (which often contain identifying information about the user).

However, because website addresses and port numbers are necessarily part of the underlying TCP/IP protocols, HTTPS cannot protect their disclosure.

Web browsers know how to trust HTTPS websites based on certificate authorities that come pre-installed in their software.

The system can also be used for client authentication in order to limit access to a web server to authorized users.
To do this, the site administrator typically creates a certificate for each user, which the user loads into their browser.
Normally, the certificate contains the name and e-mail address of the authorized user and is automatically checked by the server on each connection to verify the user's identity, potentially without even requiring a password.