HTTP web traffic sent between the server and browser is sent unencrypted in the clear text, which is a security risk since a third party can potentially hijack the traffic and read the data, which may contain sensitive information such as names, addresses, and bank details.

When we implement a Secure Socket Layer (SSL) certificate and use an HTTP Secure (HTTPS) endpoint, the traffic is encrypted, making it difficult to steal by a third party (although not impossible—look up the man-in-the-middle attack and brute force attack; the former is associated with hackers and the latter with government agencies that have super computers!).

Using HTTPS has a performance impact as every connection made has an initial handshake ...