Man in the middle attack is shortly called MITM. This is a hacking method that used by hackers to leak information’s that was transferred between client and server. Man in the middle is possible if and only if the communication done through http protocol. The reason is this protocol transfer information I'm plain text that makes a hacker or an attacker to leak information that was transferred between client and server by making a connection between them. This is widely used in LAN, as it is very easy to make connection in local area network. The security problem that occurs with the http led to the coining of https it's similar to http for transferring web pages and allows web browsing. But there is a security step was made to protect from information leakage. Through https when transferring information it will do an encryption process and change the information to some codes that can be decrypted if and only if the man in the middle attacker has the decryption key which is impossible to get. Encryption and decryption process is done by the client browser. So client and server will get the actual message that transferred. If you look at some of the websites like Facebook, PayPal, Google etc was loading in https.
By default http use port 80 and https use port 443, compared to https http was the fastest I'm loading that's why http is used I'm blogging sites and website homepage. By default web browsers make connection with http so https connection is not possible unless the client to enter the entire url in https for example: if the client entered domain.com in the url box and click go then the link that load will be like http://www.domain.com but in order to make connection in https the client need to enter https://www.domain.com which in most case the clients will not do so that a new security step has been taken to avoid this problem that is HSTS widely called as HTTP strict transport security feature this makes the web browser to understand that the connection to the site need to be I'm https. Developer can setup an age to the HSTS at that much time the web browser will remember the connection is in https only. This security steps makes impossible for the hackers to leak information though man in the middle as the connection is completely in https. Make sure that the site is in https when you provide payment details and other private information to a web server. This will make your privacy in safe.