Port 443: What's Using It and Is It Safe to Kill?

Port 443 is HTTPS, the encrypted version of web traffic. It’s the busiest port on the internet: almost every secure website you load travels over it. On your Mac, the question is usually whether something is listening on 443 locally, which means a web server.

What typically listens on port 443

• Outbound browsing: Every HTTPS page your browser loads connects to port 443 on the remote server. This is normal traffic, not a local listener.
• Local web servers: nginx, Apache, and Caddy bind 443 when configured for HTTPS.
• Dev servers with TLS: Some local setups serve HTTPS on 443, or on 8443 to avoid needing admin rights.
• Proxies: Local reverse proxies terminating TLS listen here.

Binding 443 is in the well-known range (0-1023), so it requires admin privileges.

Is it safe to kill?

If the listener is a local web server you started, yes. Killing it stops that server and frees the port, and nothing in macOS depends on a 443 listener by default. As always, make sure you aren’t ending a server you still need.

Closing outbound 443 isn’t something you kill; that’s just your browser talking to websites.

Is it suspicious?

A 443 listener on a machine where you don’t run web servers is worth identifying. Because 443 is trusted and rarely blocked by firewalls, it’s also a port that unwanted software sometimes uses to blend in. Check the owning process name. If it’s nginx, Apache, or a dev tool you set up, it’s expected.

How to find what’s on port 443 on macOS

sudo lsof -i :443

The sudo is needed because binding 443 requires privileges, so the owning process may run as root. To stop a local server by PID:

sudo kill $(sudo lsof -ti :443)

Portie shows port 443 with its owning process in its live view, and its remote scanner checks whether 443 is open on any host you point it at.