Skip to content
PortsDB

Port reference

Port 80 (TCP) – HTTP

Cleartext HTTP — the unencrypted web protocol, normally redirected to HTTPS.

tcpWell-knownCommonly attacked

Default state

Open on virtually every web server by default. Almost always exposed to the internet, typically to redirect visitors to HTTPS.

Common attacks

  • Traffic interception and credential/session sniffing (cleartext)
  • Man-in-the-middle and SSL stripping
  • Web app exploitation: SQLi, XSS, path traversal, RCE
  • Automated vulnerability scanning and directory brute forcing

Hardening

  • Redirect all HTTP to HTTPS (301) and serve no sensitive content on 80
  • Enable HSTS with preload to force browsers onto TLS
  • Put a WAF / reverse proxy in front and patch the web stack
  • Disable directory listing and hide server version banners
  • Rate-limit and monitor for scanning and brute force

nmap snippet

nmap -p80 --script http-title,http-headers,http-enum,http-methods <target>

Replace <target> with the host or range you're authorized to scan.

What runs on port 80?

Port 80 is the well-known port for HTTP (Hypertext Transfer Protocol), the original, unencrypted protocol of the web. A browser connecting to http://example.com reaches port 80 by default. It carries page requests, form submissions, API calls, and responses entirely in cleartext, which is why modern sites use it almost exclusively to redirect visitors to HTTPS on port 443.

Why it matters for security

Because traffic on port 80 is unencrypted, anyone on the network path — a rogue Wi-Fi hotspot, a compromised router, an ISP — can read or tamper with it. Login credentials, session cookies, and personal data sent over HTTP are exposed. Port 80 is also one of the most probed ports on the internet, since every open web server is a candidate for application-layer attacks.

How it's attacked

Attackers sniff cleartext to harvest credentials and session tokens, and run man-in-the-middle / SSL stripping to keep victims on HTTP instead of HTTPS. The web application behind port 80 is itself a target for SQL injection, cross-site scripting (XSS), path traversal, and RCE. Bots continuously perform directory brute forcing and version-specific vulnerability scanning against open HTTP services.

Hardening checklist

Redirect all HTTP to HTTPS with a 301 and serve no sensitive content on port 80. Enable HSTS (ideally with preload) so browsers refuse to use cleartext. Front the server with a WAF or reverse proxy, keep the web stack patched, disable directory listing, and suppress version banners. Rate-limit and monitor for scanning. The nmap snippet enumerates titles, headers, methods, and common paths so you can review exposure on servers you are authorized to test.

Related ports

Port 443Port 8080Port 8443Port 3128

Frequently asked questions

Is port 80 secure?
No. HTTP on port 80 is cleartext, so anyone on the path can read or modify traffic. Use it only to redirect to HTTPS (port 443) and serve nothing sensitive over it.
Can I just close port 80?
You can, but most sites keep it open to redirect legacy and typed-in HTTP links to HTTPS. If kept open, it should do nothing but issue a 301 to the TLS site.