Everyday Internet & Troubleshooting
HTTP vs. HTTPS: What's the Difference?
That little padlock in your browser's address bar represents HTTPS — and the difference between it and plain HTTP is the difference between a private conversation and a public one.
HTTP: the original
HTTP (HyperText Transfer Protocol) is the language browsers and web servers use to exchange pages. In its original form, that exchange is unencrypted — anyone positioned between you and the server (your ISP, a public Wi-Fi operator, a snoop on the same network) can read exactly what's sent and received.
HTTPS: HTTP with encryption
HTTPS is the same protocol wrapped in encryption using TLS. It adds three crucial guarantees:
- Confidentiality: your traffic is scrambled, so eavesdroppers see only gibberish.
- Integrity: data can't be secretly altered in transit without detection.
- Authentication: a certificate proves you're really talking to the site you think you are, not an impostor.
Why it became universal
HTTPS used to be reserved for logins and checkout pages. Now it's expected everywhere. Browsers mark plain HTTP sites as "Not Secure," search engines favor HTTPS, and free certificate services removed the cost barrier. As a result, the vast majority of web traffic is now encrypted by default.
What HTTPS does and doesn't hide
HTTPS hides the contents of your traffic — the pages, form data, and messages. It does not hide which sites you visit from your ISP, since the domain name is still needed to route your connection (though encrypted DNS helps with that). And HTTPS on a site doesn't guarantee the site itself is trustworthy — only that your connection to it is private.
The takeaway
Always look for HTTPS before entering anything sensitive, especially on public Wi-Fi. The padlock isn't a guarantee of a good website, but the absence of it on a page asking for passwords or payment is a genuine red flag.