What is HTTPS?

How Web Encryption Works and Why DNS Filtering Still Applies

HTTPS (HyperText Transfer Protocol Secure) encrypts the data exchanged between your browser and a website using TLS. While HTTPS protects page content, DNS filtering still works because the DNS lookup happens before the encrypted connection begins.

Learn About DNS Security

Step 1: What is HTTPS?

HTTPS is the secure version of HTTP, the protocol used to transfer web pages between servers and browsers. The "S" stands for Secure — it means the connection is encrypted using TLS (Transport Layer Security).

When you visit a website over HTTPS, all data exchanged — page content, form submissions, cookies, login credentials — is encrypted so that third parties (ISPs, network operators, attackers) cannot read or modify it in transit.

Today, over 95% of web traffic uses HTTPS. Browsers display a padlock icon for HTTPS connections and warn users when visiting unencrypted HTTP sites.

Step 2: How HTTPS Works

An HTTPS connection is established through a process called the TLS handshake:

  • DNS resolution: The browser first resolves the domain name to an IP address via DNS — this step happens before encryption
  • TCP connection: The browser connects to the server's IP address on port 443
  • TLS handshake: The server presents its TLS certificate, the browser verifies it, and they negotiate encryption keys. The SNI extension reveals the hostname during this step
  • Encrypted transfer: All subsequent data is encrypted — page content, headers, and responses are unreadable to anyone intercepting the traffic

Step 3: HTTPS and DNS Filtering

A common question: "If HTTPS encrypts everything, how does DNS filtering still work?" The answer is that DNS filtering operates at a different layer — before the HTTPS connection is established.

  • DNS happens first: Before your browser can connect to example.com over HTTPS, it must resolve the domain to an IP address. DNS filtering intercepts at this step
  • HTTPS encrypts content, not DNS: Standard DNS queries are unencrypted (unless you use DoH or DoT). Even with encrypted DNS, CleanBrowsing still filters because it's the resolver performing the lookup
  • Domain-level blocking: DNS filtering blocks entire domains, not specific pages. It doesn't need to see the encrypted page content — it only needs the domain name from the DNS query

Step 4: The Full Security Picture

HTTPS is one layer of web security. For comprehensive protection:

  • HTTPS: Encrypts data between browser and server — protects against eavesdropping
  • DNS filtering: Blocks access to malicious or unwanted domains — protects against threats before connections begin
  • Encrypted DNS: Encrypts DNS queries — prevents DNS eavesdropping and tampering
  • DNSSEC: Authenticates DNS responses — prevents spoofing and poisoning

For website owners, NOC.org provides TLS certificate management, CDN, and WAF services that protect the server side of HTTPS connections. CleanBrowsing protects the user side by filtering DNS queries before those connections begin.

Add DNS-level security to your network

Learn About DNS Security