Need cloud computing? Get started now

Products

Cloud Computing
Security
Content Delivery
All Products and Trials
Global Services

Cloud Computing

Compute

Build, release, and scale faster with VMs for every workload

Networking

Secure your network, balance traffic, control your infrastructure

Containers

Efficiently orchestrate containerized applications

Developer Tools

Get the most out of your applications with advanced management tools

Storage

Deploy dependable, easily accessible storage and management

Databases

Scale easily with simple and reliable managed databases

Create a Cloud Account

Security

App and API Security

Discover and monitor API behavior to respond to threats and abuse

App & API Protector

Protect web apps and APIs from DDoS, bots, and OWASP Top 10 exploits

Client-Side Protection & Compliance

Assist with PCI compliance and protect against client-side attacks

Zero Trust Security

Akamai Guardicore Platform

One Zero Trust platform for coverage, visibility, and granular control.

Akamai Guardicore Segmentation

Mitigate risk in your network with granular, flexible segmentation

Secure Internet Access

Proactively protect against zero-day malware and phishing

Stop the most evasive threats with proactive threat hunting

Enterprise Application Access

Granular application access based on identity and context

Harden against account takeovers and data breaches with phish-proof MFA

Bot & Abuse Protection

Account Protector

Mitigate account abuse and grow your digital business

Content Protector

Stop scrapers, protect intellectual property, and increase conversion

Brand Protector

Detect and mitigate fraudulent representations of your brand

Welcome the bots you want and mitigate those you don’t

Add secure, cloud-based identity management to your websites or apps

INFRASTRUCTURE SECURITY

External authoritative solution for your DNS infrastructure

Protect your infrastructure from distributed denial-of-service attacks

Boost network performance and security for IP-based applications

Content Delivery

APPLICATION PERFORMANCE

Improve the performance and reliability of your website at scale

API Acceleration

Improve the performance and reliability of your APIs at scale

Boost network performance and security for IP-based applications

MEDIA DELIVERY

Adaptive Media Delivery

High-quality video delivery for any screen to global audiences

Download Delivery

Deliver large file downloads flawlessly, every time, at global scale

EDGE APPLICATIONS

Execute custom JavaScript at the edge, near users, to optimize UX

Distributed key-value store database at the edge

Image & Video Manager

Automatically optimize images and video for every user, on any device

Predefined apps that run at the edge for specific business needs

Use an efficient caching layer to improve origin offload

Global Traffic Management

Optimize performance with intelligent load balancing

MONITORING, REPORTING, AND TESTING

Low-latency data feed for visibility and ingest into third-party tools

Measure the business impact of real user experiences in real time

Site and application load testing at global scale

Solutions

Use Cases
Industry Solutions

Use Cases

CLOUD COMPUTING

Deliver an engaging, interactive video experience

Build with portability, performance, and efficiency from cloud to client

Improve the gamer experience with low latency and high availability

SECURITY

Protect your brand by securing apps and APIs from persistent threats

Solutions for comprehensive coverage, visibility and control

DDoS Protection

Protect your infrastructure from DDoS and DNS attacks

Bot & Abuse Protection

Stop account abuse, sophisticated bot attacks, and brand impersonation

CONTENT DELIVERY

App and API Performance

Improve user engagement through app & API optimization

Deliver seamless streaming and download experiences to any device

Build and deploy on the world’s most distributed edge platform

Industry Solutions

Why Akamai

Why Akamai

Discover Akamai Connected Cloud

Our Platform

Explore our global infrastructure

Company

See how we power and protect life online

Resources

Library

Learn

Educational resources and training for Akamai products and services

Key concepts in security, cloud computing, and content delivery

Security Research

Akamai Security Research

Insights and intelligence from the Akamai Security Intelligence Group

State of the Internet (SOTI) Reports

In-depth analysis of the latest cybersecurity research and trends

Partners

Find a Partner
Become a Partner
Cloud Computing Marketplace

Find a Partner

Why Choose an Akamai Partner

Learn about our industry-leading ecosystem of partners

Partner Directory

Find a channel or technology partner

Become a Partner

Contact Us

Contact Sales

Have questions? We can help.

Customer Support

Need technical support? We are here 24/7.

What Is HTTPS?

What is HTTPS or secure web protocol?

Video thumbnail image illustrating HTTPS or secure web protocol.

Now let’s look at the secure web protocol, HTTPS. The “S” at the end of HTTPS, of course, stands for “secure.” HTTPS provides for authentication of the website as well as encryption of the communication. Authentication of the website is how you know that you’re actually visiting www.apple.com and not some fake. Initially, HTTPS was used to protect logins and confidential online transactions like online banking and online shopping. These days, though, HTTPS is pretty much the default for everything.

HTTPS is based on a technology called public-key cryptography. To make it work, the website needs a public-private key pair that is certified by a certificate authority. I will not be getting into the workings of public-key cryptography.

Now, let’s redo our example, this time with HTTPS. Step 1 is just as before: We type the address or click on a link.

Before we can move on to step 2, we have to insert a new step that I’m numbering as 1.5. In this step, the browser and web server perform a cryptographic dance, that is, an exchange of messages and some really interesting computation, using the web server’s public-private key pair, in order to authenticate the website and create two new keys that are called session keys — one for the client and one for the server. These session keys are used to encrypt and decrypt the messages.

These cryptographic functions are performed by a protocol that is called Transport Layer Security (TLS), which is the successor to the now-deprecated Secure Sockets Layer (SSL).

Now we can move on to step 2, which works just as before, but now, after the browser writes the request message, before it can send it, it uses its session key to encrypt it. The encrypted message is then sent to the web server. The web server then, after receiving the message, uses its session key to decrypt and then read the message.

Step 3 operates similarly with the response message. After writing the response message, the web server encrypts it using its session key and then sends it back to the browser. The browser, then, after receiving the message, uses its session key to decrypt and then read the message.

Finally, step 4 operates as before — the browser renders the response, and we can see the web page.

Note that the padlock icon indicates a secure connection and authentication of the website.

You may be wondering how the request and response messages find their way to the web server and back. The answer is the Internet Protocol, IP, and that is the subject of the next presentation, What Is an IP Address?

A secure website has become an important signal of trust to internet users. Seeing a lock symbol in the browser address bar offers people using websites a degree of assurance that the website is legitimate and safe.

The internet is based on protocols, including the Hypertext Transfer Protocol (HTTP). An S in the HTTP of a website URL, i.e., HTTPS, denotes that the site uses the secure version of HTTP, i.e., S for Secure. HTTPS (Hypertext Transfer Protocol Secure) was originally used to protect online logins and ensure that online banking and shopping transactions were secure. However, in 2014, Google upped the stakes for HTTPS by using HTTPS as a ranking signal. The effect on the uptake of HTTPS was dramatic, and today over 80% of all websites use HTTPS.

What’s the difference between HTTP and HTTPS?

HTTPS and the related security protocol, SSL (Secure Sockets Layer), were released by Netscape in 1994 to protect the Netscape browser.

HTTPS connections facilitate two critical functions to help establish trust and create secure connections on the internet:

Website authentication: This authenticates a website so that the user knows the site has been checked for legitimacy; e.g., apple.com is the website of the company Apple Inc.
Data encryption: HTTPS websites use the Transport Layer Security (TLS) protocol (the successor of SSL) to encrypt web traffic, protecting sensitive information between a client (e.g., web browser) and web server. For example, if you buy something online and send your credit card data to make the purchase, if the site is HTTPS, that data will be sent in encrypted form, rather than plain text to the web server.

How does HTTPS work?

HTTPS is based on a technology called public key infrastructure (PKI). PKI relies on public key cryptography and a digital signature. A “key pair” is created by the website owner, and the public key is sent to a trusted authority known as a “certificate authority” (CA). This authority signs the public key, which produces a document known as a digital certificate. The website now holds a private key and an SSL certificate, which holds the public key. The public key verifies anything signed by the private key. The digital certificate provides a chain of trust and validation that the website is authentic. HTTPS works alongside a security protocol (SSL/TLS) to encrypt and decrypt communications and sensitive data between the web browser and web server.

The steps in an HTTPS request-response flow

The request-response flow of the HTTPS protocol begins in the same way as HTTP. However, an interim step, step 1.5, is used to differentiate the two flows:

Step 1: Navigation and initiation

The user types a web address into a browser or clicks on a link in an email or other communication. The address contains a Uniform Resource Locator (URL), which contains HTTP to inform the browser to use HTTP to fetch the document representing the URL.

Step 1.5: The cryptographic dance

Step 1.5 involves the browser and web server performing a “cryptographic dance.” This involves the exchange of encrypted messages. The steps require that complex cryptographic functions are performed using the TLS protocol, using the web server’s public-private key pair generated via the certificate authority (CA). This step authenticates the website and creates two new keys (session keys) — one for the client and one for the server. These session keys are used to encrypt and decrypt the messages.

Step 2: Client sends HTTP request message to server

Step 2 is the same as the HTTP step 2 request-response flow. The client, e.g., the browser, constructs a request message that is directed to the web server. The message includes additional information about the request, such as who the requesting entity is. However, unlike HTTP, after writing the request message and before the browser can send the message, the HTTP(S) request must use the session key to encrypt the message.

Step 3: Web server sends the HTTPS response back to the client

Once a request is received, the web server uses its session key to decrypt and read the message. The web server then constructs a response message, which encrypts using the session key before sending it back to the browser.

Step 4: Message rendered by the browser

On receiving the encrypted message, the browser uses its session key to decrypt and then read the message. The final part of this step is the browser rendering the response message and displaying the web page in the browser.

Why is it important to use HTTPS?

Without HTTPS, internet users and data exchanged online between clients (e.g., browsers) and a web server are at risk from the following:

Interception attacks: HTTPS uses the TLS protocol to encrypt communications. Even if attackers intercept the communication, they cannot decrypt and steal the data.

Credential theft: Credential theft is behind 54% of security incidents, according to a report from Ponemon. If a website has HTTPS implemented correctly, any data submitted via that website — for example, login credentials — will be secure, as it is encrypted.

Decreased trust: Websites that signal they are HTTPS have been issued a digital certificate by a trusted CA. The CA performs due diligence checks on the company during the certificate issuance. However, caution should still be used, as according to statistics from the Anti-Phishing Working Group (APWG), 83% of phishing sites use HTTPS.

Frequently Asked Questions (FAQ)

HTTPS is the secure version of the Hypertext Transfer Protocol (HTTP) that fetches resources such as HTML documents. HTTPS facilitates secure messaging between the client (browser) and a web server. HTTPS uses key-pair cryptography along with the Transport Layer Security (TLS) protocol to perform the encryption/decryption of these messages. HTTPS also signals that a website uses this secure protocol and that the website owner has been verified.

HTTP is a web protocol used to deliver a website’s content, allowing it to be displayed in a browser. The Web Protocol, HTTP, is a request-response protocol that defines how web clients communicate with web servers. HTTPS is the secure version of this protocol that utilizes Transport Layer Security (TLS) protocol and key-pair cryptography to secure the exchange of messages between the client (e.g., browser) and a web server.

No, HTTPS does not necessarily mean that a website is safe.

HTTPS (Hypertext Transfer Protocol Secure) is a protocol that encrypts the communication between a web browser and a website, providing a secure connection. It ensures that the data transmitted between the user and the website cannot be intercepted or tampered with by unauthorized parties.

While HTTPS is an important security measure that protects data during transmission, it does not guarantee the overall safety or trustworthiness of a website. A website could still contain malicious content, have vulnerabilities, or engage in fraudulent activities even if it uses HTTPS.

HTTPS stands for "Hypertext Transfer Protocol Secure.” The purpose of the “S” in HTTPS is to indicate that the communication between a web browser and a website is encrypted and secure.

The “S” in HTTPS indicates that the website has an SSL/TLS certificate installed and that the connection is encrypted and secure. This encryption helps protect sensitive information and ensures that the user’s connection with the website is authentic and trustworthy.

Why customers choose Akamai

Akamai is the cybersecurity and cloud computing company that powers and protects business online. Our market-leading security solutions, superior threat intelligence, and global operations team provide defense in depth to safeguard enterprise data and applications everywhere. Akamai’s full-stack cloud computing solutions deliver performance and affordability on the world’s most distributed platform. Global enterprises trust Akamai to provide the industry-leading reliability, scale, and expertise they need to grow their business with confidence.

How the Internet Really Works Video Series

In a series of short video presentations, Robert Blumofe, Akamai Executive Vice President and Chief Technology Officer, explains how the foundation stones of the World Wide Web work.

What is http or web protocol?

What is https or secure web protocol?

What is DNS?

What is an IP address?

What Is an IP Address?

What are packets?

What Are Packets?

What are ports?

What Are Ports?

To watch this complete video series, please visit and/or register at Learn Akamai.

Explore all Akamai security solutions