How HTTPS Works
๐ 6 min read
Quick Answer
That little padlock in your address bar is doing a lot of work. HTTPS quietly encrypts almost everything you do online, stopping eavesdroppers from reading or tampering with your data. But it is also widely misunderstood โ here is what it actually proves, and what it does not.
๐ก Think of it asโฆ
A sealed, tamper-evident envelope delivered by a courier who first shows ID. TLS checks the websiteโs "ID" (its certificate), then seals your conversation so no one along the way can read or alter it.
The certificate (the ID check)
Before encrypting anything, your browser checks the siteโs TLS certificate โ a credential issued by a trusted authority that vouches the site is who it claims to be. If the certificate is invalid or expired, you get a warning.
The handshake
Browser and server then perform a TLS handshake: using public-key cryptography, they agree on a shared secret key without ever sending it in the open. From then on, a fast symmetric cipher encrypts the whole session.
What HTTPS does and does not protect
HTTPS protects data in transit โ no one between you and the site can read or change it. It does NOT guarantee the site is honest or safe: scammers can get certificates too. A padlock means "encrypted connection", not "trustworthy website".
๐ Key takeaway
HTTPS verifies a siteโs certificate, then encrypts your connection so no one can snoop or tamper in transit. But the padlock proves encryption, not honesty โ a scam site can still have HTTPS.
Why this matters for you
Knowing what the padlock really means is basic scam defense โ crucial when buying crypto or banking online. Always check the full domain, not just the padlock, before entering credentials or seed phrases (never enter a seed phrase on any website).
Frequently asked questions
Does the padlock mean a site is safe?โผ
No. It only means your connection is encrypted. Phishing and scam sites routinely use HTTPS. Always verify the exact domain name and never enter sensitive data on a site you reached via an unsolicited link.
What is the difference between SSL and TLS?โผ
TLS is the modern, secure successor to the older SSL protocol. People still say "SSL" out of habit, but todayโs secure connections use TLS.
Is HTTP (without S) dangerous?โผ
On plain HTTP, anyone on the network can read or alter your data. Never log in or enter payment or crypto details on a non-HTTPS page.