# http / https

HTTP data is not encrypted, it can be intercepted by third parties to gather data being passed between the two systems.

when a website uses HTTPS, it means the data sent over the web is ***encrypted*** and cannot be misused by third parties

To implement HTTPS, a web site needs to purchase **SSL** certificate (Secure Socket Layer) that sets up a secure encrypted connection between server and client

## How servers implement HTTPS

<< to do - link a resource that explains https and its implementation >>