HTTPS is HTTP layered on top of TLS (Transport Layer Security). The TLS layer authenticates the server (via a certificate signed by a trusted CA), encrypts the request and response (so network intermediaries see only ciphertext), and ensures integrity (a man-in-the-middle attacker can't modify content without breaking the signature).
HTTPS is mandatory for the modern web: browsers warn on plain HTTP, Service Workers require HTTPS, HTTP/2 + HTTP/3 only run over TLS, and many features (geolocation, camera, push notifications) refuse to work without a secure context. Google has used HTTPS as a (small) ranking signal since 2014.
Free HTTPS via Let's Encrypt + automated renewal (certbot, Caddy, Cloudflare) is the universal answer. Pair with HSTS (Strict-Transport-Security header) to prevent protocol downgrade attacks once HTTPS is stable.