HTTP and HTTPS
Also known as: HyperText Transfer Protocol, HTTP Secure
HTTP is the request-response protocol of the web; HTTPS is HTTP running inside a TLS-encrypted channel, providing confidentiality, integrity, and server authentication.
Last updated:
What are HTTP and HTTPS?
HTTP (HyperText Transfer Protocol) is the stateless request-response protocol that web browsers and servers use to exchange pages, images, API calls, and every other web asset. HTTPS is the same protocol running inside a TLS encrypted session, providing confidentiality, integrity, and server authentication. Every modern website uses HTTPS; browsers actively warn on the increasingly rare pages that still serve content over plain HTTP.
Ports, versions, and transport
HTTP traditionally uses TCP port 80; HTTPS uses TCP port 443. HTTP/1.1 (1997, text framing) was the dominant wire format through the mid-2010s. HTTP/2 (2015, binary multiplexed framing) and HTTP/3 (2022, running over QUIC instead of TCP) now carry the majority of production web traffic. HTTP/3 moves off TCP entirely to eliminate head-of-line blocking and cut connection setup time from multiple round trips to a single round trip or even zero on repeat connections.
HTTP in traffic analysis
Server logs, CDN logs, WAF logs, and IDS alerts all record the client IP, User-Agent, and request path for every HTTP request. Correlating those against IP reputation and ASN data catches a lot of abuse before it reaches the application layer — scraping from datacenter ASNs, credential stuffing from proxy pools, and vulnerability scans from known-bad /24s all leave distinctive fingerprints in HTTP logs. When investigating a request, the source IP's reputation tells you whether it's a human, a legitimate bot, or an attacker before you look at the payload.
Investigate the source IP behind any suspicious HTTP request with our IP lookup tool.