The World Wide Web operates heavily on a client-server model. When you open a browser (the client) and type a URL, your browser sends a request to a remote computer (the server), which responds by sending the website data back to you.
This entire conversation is handled by the primary protocol of the web: HTTP.
HTTP (HyperText Transfer Protocol)
HTTP is the foundation of data communication for the World Wide Web. It dictates how messages are formatted and transmitted, and what actions web servers and browsers should take in response to commands.
The Problem: HTTP sends all of its data in plain, unencrypted text. If an attacker intercepts your network traffic, they can easily read your passwords, credit card numbers, and private messages like a standard book.
Standard Port: Port 80
HTTPS (HyperText Transfer Protocol Secure)
Because HTTP is inherently insecure, the tech industry adopted HTTPS. The "S" stands for Secure. HTTPS wraps standard HTTP data in a highly secure, cryptographic tunnel using TLS (Transport Layer Security).
The Solution: If an attacker intercepts HTTPS traffic, all they see is scrambled, mathematically unreadable garbage (ciphertext). They cannot steal your passwords without the unique decryption key.
Trust: HTTPS websites are issued SSL/TLS certificates by trusted authorities. This certificate proves the website is legitimate and not a fake clone.
Standard Port: Port 443
Cybersecurity Rule: Never, ever type personal information, login credentials, or banking details into a website that does not have the padlock icon (https://) in the browser URL bar.
How Browsers Keep You Safe
Modern web browsers (like Chrome and Firefox) play a huge role in basic cybersecurity. If a website tries to load over unencrypted HTTP, or if its security certificate has expired, the browser will actively block the page and display a massive, bright red "Not Secure" warning to prevent you from being hacked.
Deep Dive: The TLS Handshake
When you navigate to a secure https:// website, a complex, invisible mathematical process occurs in milliseconds before any web data is exchanged. This is called the TLS Handshake.
Client Hello: Your browser says, "Hello Server, I want to connect securely. Here are the encryption ciphers I understand."
Server Hello & Certificate: The server replies, "Hello. Let's use AES-256 encryption. Also, here is my official TLS Digital Certificate to prove I am the real Amazon.com, along with my Public Key."
Authentication: Your browser checks the certificate against trusted authorities (like DigiCert). If it's valid, it uses the server's Public Key to encrypt a brand new, highly secret "Session Key".
Session Key Exchange: The browser sends this locked Session Key to the server. The server is the only computer in the world with the matching Private Key needed to unlock it.
Secure Connection: Both computers now share the identical secret Session Key. They use this key to encrypt all the web traffic back and forth. Even if a hacker records the entire conversation, it is completely unbreakable.