Unless otherwise protected, all HTTP requests and responses are sent in clear text. Anyone with access to the network that the messages travel over can potentially intercept our traffic and read it without hindrance.

Since the web is used for transferring quite a lot of sensitive data, solutions have been created for preventing eavesdroppers from reading the traffic, even if they are able to intercept it. These solutions, for the most part, employ some form of encryption.

The standard method for encrypting HTTP traffic is called HTTP Secure, or HTTPS. It uses an encryption mechanism called TLS/SSL, and it is applied to the TCP connection on which the HTTP traffic travels. HTTPS typically uses TCP port 443, as opposed to the default HTTP port 80.

To most users, this process is almost transparent. In principle, we only need to change the http in a URL to an https. Since urllib supports HTTPS, the same is true for our Python clients.

Note that not all servers support HTTPS, so simply changing the URL scheme to https: isn't guaranteed to work for all sites. If this is the case, then the connection attempt may fail in a number of ways, including a socket timeout, a connection reset error, or possibly even an HTTP error, such as a 400 range error or a 500 range error. An increasing number of sites are enabling HTTPS however. Many others are switching to it and using it as their default protocol, so it's worth investigating whether it's available so you can give your application's users extra security.