Port 80/tcp is the IANA-assigned home of HTTP and, by nmap-services frequency, the single most commonly open TCP port on the internet. HTTP is the stateless request/response protocol of the World Wide Web — methods, header fields, and status codes carried over TCP — with HTTP/1.1 specified in RFC 9112, HTTP/2 in RFC 9113, and cross-version semantics in RFC 9110. In 2026 the principal *legitimate* role of plaintext port 80 is to issue an HTTP 301 redirect to HTTPS on 443 and to serve the ACME HTTP-01 challenge during certificate issuance; browsers increasingly treat plaintext HTTP as hostile (Chrome's "HTTPS-First" rollout). The IANA registry is unusually layered here: the canonical name is http ("World Wide Web HTTP", reference RFC 9110), alongside an alias www that the registry explicitly flags as a duplicate "not to be used for discovery purposes," and the original www-http entry whose registry contact is Tim Berners-Lee and whose reference field is blank. For an analyst, an open 80/tcp means a web server or a redirect — the useful steps are fingerprinting the server/app and version, checking whether it redirects to HTTPS, and scanning the web application for vulnerabilities. Because the traffic is unencrypted, it is exposed to eavesdropping, credential sniffing, and on-path content injection, and HTTP beaconing is a frequent hiding place for command-and-control.
http — "World Wide Web HTTP"; reference [RFC9110] (modified 2021-10-01). Aliases at port 80: www (registry: duplicate of http, not for discovery) and legacy www-http (contact Tim Berners-Lee, reference blank) [IANA-assigned] — IANA Service Name and Transport Protocol Port Number Registry