Hypertext Transfer Protocol Secure ( HTTPS ) is a widely used communications protocol for secure communication over a computer network, with especially wide deployment on the Internet.

In its popular deployment on the internet, HTTPS provides authentication of the web site and associated web server that one is communicating with, which protects against Man-in-the-middle attacks.

Another example where HTTPS is important is connections over Tor ( anonymity network ), as malicious Tor nodes can damage or alter the contents passing through them in an insecure fashion and inject malware into the connection.

This is one reason why the Electronic Frontier Foundation and Torproject started the development of HTTPS Everywhere, which is included in the Tor Browser Bundle.

On a site that has sensitive information somewhere on it, every time that site is accessed with HTTP instead of HTTPS, the user and the session will get exposed.

A common misconception is that HTTPS is performance heavy and cannot be deployed on existing equipment.

Deploying HTTPS also allows the use of SPDY, which is designed to reduce page load times and latency.

It is recommended to use HTTP Strict Transport Security with HTTPS to protect users from man-in-the-middle attacks.

This survey is powered by Qualys ' SSL Server Test, in which anyone can audit the HTTPS implementation of a specified web server.

HTTPS is a URI scheme which has identical syntax to the standard HTTP scheme, aside from its scheme token.

The main idea of HTTPS is to create a secure channel over an insecure network.

HTTPS is designed to withstand such attacks and is considered secure against such attacks ( with the exception of older deprecated versions of SSL ).

Strictly speaking, HTTPS is not a separate protocol, but refers to use of ordinary HTTP over an encrypted SSL / TLS connection.

Everything in the HTTPS message is encrypted, including the headers, and the request / response load.

This means that, in most cases, it is not feasible to use name-based virtual hosting with HTTPS.

It has the capability of delivering e-mail securely when no recipient key is found via a secure HTTPS browser session.

SOAP may also be used over HTTPS ( which is the same protocol as HTTP at the application level, but uses an encrypted transport protocol underneath ) with either simple or mutual authentication ; this is the advocated WS-I method to provide web service security as stated in the WS-I Basic Profile 1. 1.

This records form data before it is passed over the Internet and bypasses HTTPS encryption.

Encrypted client side cookies are arguably just as insecure and unless all transmission is over HTTPS, they are very easy to copy or decrypt for man-in-the-middle attacks.

A site must be completely hosted over HTTPS, without having some of its contents loaded over HTTP, or the user will be vulnerable to some attacks and surveillance.

Also having only a certain page that contains sensitive information ( such as a log-in page ) of a website loaded over HTTPS, while having the rest of the website loaded over plain HTTP will expose the user to attacks.

* Corkscrew – a tool that enables a user to run SSH over HTTPS proxy servers

* Corkscrew ( program ), SSH over HTTPS

The Web Interface client may be used as a secure ICA proxy over HTTPS when combined with Citrix Secure Gateway, both of which are included in the base XenApp product.

The protocol has been adopted by a number of domain name registries, such as:. ke,. ac,. aero,. ag,. asia,. at,. au,. be,. biz,. br,. bz,. ca,. cat,. cc,. ch,. cl,. cn,. co,. cz,. com,. coop,. cx,. cz,. es ( over HTTPS ),. eu,. fm,. fr,. gr ( over HTTPS ),. gs,. hn,. ht,. im,. in,. info,. io,. it ( over HTTPS ),. jobs,. ki,. kz,. la,. lc,. li,. lt,. lu,. me,. mn,. mobi,. ms,. mu,. mx,. na,. name,. net,. nf,. ng,. nl,. no,. nu,. nz ( currently in testing ),. org,. pl ( over HTTPS ),. pro,. pt,. ru,. sc,. se,. sh,. si,. su,. tel,. tl,. tm,. travel,. tv,. tw,. uk,. us,. ir,. vc,. ve and. za as well as ENUM registries such as those operating the + 31, + 41, + 43, + 44 and + 48 country codes.

; < span id =" CONNECT "> CONNECT </ span >: Converts the request connection to a transparent TCP / IP tunnel, usually to facilitate SSL-encrypted communication ( HTTPS ) through an unencrypted HTTP proxy.

Some software may be bypassed successfully by using alternative protocols such as FTP or telnet or HTTPS, conducting searches in a different language, using a proxy server or a circumventor such as Psiphon.

Engines such as Google do not index pages outside of HTTP or HTTPS.

Any ( web mail or other ) mail system which stores and retains user's email contents is an attractive target for such attacks, but Gmail is popular with security-conscious users because of its early HTTPS secure ( encrypted ) connection support, and its more-recent HTTPS-only default setting.

Other methods of using the cell phone include using SMS messaging, instigating an interactive telephone call, or using standard Internet protocols such as HTTP or HTTPS.

While it could add security to any protocol that uses reliable connections, such as TCP, it was most commonly used by Netscape with HTTP to form HTTPS.

Currently the most efficient way to prevent pharming is for end users to make sure they are using secure web connections ( HTTPS ) to access privacy sensitive sites such as those for banking or taxing, and only accept the valid public key certificates issued by trusted sources.

The rise of web 2. 0 applications and software-as-a-service has also significantly raised the possibility of side-channel attacks on the web, even when transmissions between a web browser and server are encrypted ( e. g., through HTTPS or WiFi encryption ), according to researchers from Microsoft Research and Indiana University.

Because HTTPS piggybacks HTTP entirely on top of TLS, the entirety of the underlying HTTP protocol can be encrypted.

Historically, HTTPS connections were primarily used for payment transactions on the World Wide Web, e-mail and for sensitive transactions in corporate information systems.

In the late 2000s and early 2010s, HTTPS began to see widespread use for protecting page authenticity on all types of websites, securing accounts and keeping user communications, identity and web browsing private.

loaded insecurely on a HTTPS page makes the user vulnerable to attacks.

Similarly, cookies on a site served through HTTPS have to have the secure attribute enabled.

Web browsers know how to trust HTTPS websites based on certificate authorities that come pre-installed in their software.

This type of attack defeats the security provided by HTTPS by changing the < tt > https :</ tt > link into an < tt > http :</ tt > link, taking advantage of the fact that few Internet users actually type " https " into their browser interface: they get to a secure site by clicking on a link, and thus are fooled into thinking that they are using HTTPS when in fact they are using HTTP.

One clear benefit to SSL offloading in the Load Balancer is that it enables the Load Balancer to do load balancing or content switching based on data in the HTTPS request.

* Content-aware switching: most load balancers can send requests to different servers based on the URL being requested, assuming the request is not encrypted ( HTTP ) or if it is encrypted ( via HTTPS ) that the HTTPS request is terminated ( decrypted ) at the load balancer.

Load balancing can be performed on HTTP, HTTPS, VPN, or any TCP / IP traffic using a specific port.

* Sun Java System Web Proxy Server is a caching proxy server running on Solaris, Linux and Windows servers that supports HTTPS, NSAPI I / O filters, dynamic reconfiguration, SOCKSv5 and reverse proxy.

GUI administration was introduced with version 4. 1, and it has been through several incarnations: PIX Firewall Manager ( PFM ) for PIX OS versions 4. x and 5. x, which runs locally on a Windows NT client ; PIX Device Manager ( PDM ) for PIX OS version 6. x, which runs over https and requires Java ; and Adaptive Security Device Manager ( ASDM ) for PIX OS version 7 and greater, which can run locally on a client or in reduced-functionality mode over HTTPS.

In June 2010, Conroy was criticized by SAGE-AU for " misinformation that verged on fear-mongering " when he suggested Google street view cars could have captured internet banking details in their recording of wireless network traffic, as these are generally exchanged over secure HTTPS connections.

If it does the address on the credit card information entry screen will start with " HTTPS ".

* Microsoft Message Queuing on Windows Server 2003 utilises pipelining on HTTP by default, and can be configured to use it on HTTPS.