Edit

514.1 HTTP and HTTPS

Understand how HTTP and HTTPS enable the request and delivery of web content, and how encryption protects data in transit.

Overview

In this topic, we explore how websites are loaded and how data is exchanged between browsers and servers using HTTP and HTTPS. These protocols form the foundation of how users interact with the web. We also examine how HTTPS uses encryption to protect sensitive information, such as passwords or personal details, from being intercepted or tampered with in transit.

Targets

In this topic, students learn to:

  • Describe the role of HTTP in requesting and delivering web content

  • Explain how HTTPS protects information using encryption

  • Identify the signs of a secure connection in the browser

  • Recognise the risks of using HTTP for sensitive information

  • Understand the purpose of security certificates in web communication

Syllabus references

Programming for the web

Data transmission using the web

  • Investigate and describe the function of web protocols

    • HTTP, HTTPS

How HTTP works

HTTP (HyperText Transfer Protocol) allows a browser (client) to request a resource—such as a webpage or image—from a server. The server responds by delivering the content.

Each interaction follows a request-response cycle:

  1. The client sends a request (e.g. “GET /index.html”)

  2. The server responds with content (e.g. an HTML page)

HTTP is efficient, but by default it sends data in plain text, which means it can be read or modified during transmission.

What is HTTPS?

HTTPS (HyperText Transfer Protocol Secure) adds encryption to HTTP. It ensures:

  • Confidentiality – Information can't be read by third parties

  • Integrity – Data can’t be modified in transit

  • Authentication – The server is verified as trustworthy

HTTPS is essential for logging in, submitting forms, making payments, and accessing private data.

Browsers display a padlock icon when a secure HTTPS connection is used. This ensures that data is encrypted and sent to the correct website.

How certificates enable trust

To use HTTPS, a website must install a digital certificate. This certificate confirms:

  • The website is authentic

  • The connection is encrypted using a method called TLS (Transport Layer Security)

When you connect to a secure site:

  • The browser checks the certificate

  • If valid, the connection is encrypted and marked secure

You don't need to understand how TLS works yet—but it’s the system that makes HTTPS possible.

When is HTTPS necessary?

Modern web browsers warn users when a site doesn’t use HTTPS—especially if login forms or personal details are involved. HTTPS should be used for:

  • Any login or sign-up page

  • Online stores and checkout forms

  • Any page that handles private data (e.g. student portals, medical records)

Summary

HTTP and HTTPS are the core protocols that let web browsers and servers exchange content. HTTPS improves on HTTP by encrypting data and verifying the server’s identity, protecting users from interception, tampering, or fraud. All secure websites today use HTTPS.

Previous514 Web communication protocolsNext514.2 TCP/IP, FTP, and SFTP

Last updated

Was this helpful?