HTTPS

보안

정의

보안 HTTP(HTTP Secure). TLS를 사용하여 브라우저와 웹 서버 간 전송 중인 데이터를 보호하는 HTTP의 암호화 버전입니다. 브라우저의 자물쇠 아이콘과 https:// URL 체계로 식별됩니다.

HTTPS vs. HTTP

The only technical difference between HTTP and HTTPS is that HTTPS wraps the HTTP exchange inside a SSL/TLSSecure Sockets Layer / Transport Layer Security. Cryptographic protocols that provide encrypted, authenticated communication over a network. SSL is deprecated; modern implementations use TLS 1.2 or TLS 1.3. session. The browser first establishes a TLS connection — verifying the server's SSL/TLS CertificateA digital document that binds a cryptographic key pair to an organization or domain, enabling encrypted HTTPS connections. Issued by Certificate Authorities (CAs) like Let's Encrypt, it proves a website's identity to browsers., negotiating cipher suites, and deriving session keys — then sends HTTP requests over the encrypted channel. From the application perspective, HTTP works identically over TLS.

Without HTTPS, every router, ISP, and network observer on the path between client and server can read and modify the traffic. Login credentials, session cookies, and personal information travel in plaintext over unencrypted HTTP.

Modern HTTPS Requirements

Browsers now mark HTTP sites as "Not Secure" and increasingly refuse to load mixed content (HTTP resources on HTTPS pages). HTTP/2 and HTTP/3 are only supported over TLS in practice. Search engines treat HTTPS as a ranking signal. Let's Encrypt has made free, automated certificate issuance the norm, removing the cost barrier to adoption.

HSTS and Preloading

HTTP Strict Transport Security (HSTS) instructs browsers to always use HTTPS for a domain, even if the user types http://. Once a browser sees an HSTS header, it refuses to make unencrypted connections to that domain for the duration of the max-age period. HSTS preloading allows domains to be hardcoded into browser HSTS lists before any connection is ever made, preventing first-visit downgrade attacks.

Use SSL Certificate Checker to verify a site's HTTPS configuration, certificate chain, and HSTS settings. Check HTTP Header Analyzer to confirm security headers are correctly set alongside HTTPS.

관련 용어

보안에서 더 보기