Does HTTPS include protection from a replay attack?

Yes, it does. http://www.mozilla.org/projects/security/pki/nss/ssl/draft02.html

HTTPS calls the nonce the connection id, and it's 128 bits long.


It depends on the implementation of HTTPS. It indeed can be secure against a replay attack - for instance in an RSA key exchange, a temporary key is created which prevents execution of a replay attack. However, an anonymous key exchange does not provide replay protection, I believe.

https://datatracker.ietf.org/doc/html/draft-ietf-tls-ssl-version3-00 Appendix F
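
A simplified model of the per-connection nonce described in the first answer, as an added example that is not part of either answer and is not the SSL/TLS wire format: the server issues a fresh 128-bit connection id for each connection, and the client's authenticated message is bound to it, so a recorded message fails on any later connection. The names `tag`, `Connection` and `demo`, the sample request, and the use of HMAC-SHA256 with one shared key are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

NONCE_LEN = 16  # 128 bits, the connection-id length stated above


def tag(key: bytes, connection_id: bytes, request: bytes) -> bytes:
    """Client side: bind the request to this connection's nonce."""
    # The nonce has a fixed length, so plain concatenation is unambiguous.
    return hmac.new(key, connection_id + request, hashlib.sha256).digest()


class Connection:
    """Server side of one connection (hypothetical helper, not an SSL API)."""

    def __init__(self, key: bytes):
        self.key = key
        # Fresh random value for every connection; never reused.
        self.connection_id = secrets.token_bytes(NONCE_LEN)

    def accept(self, request: bytes, mac: bytes) -> bool:
        expected = tag(self.key, self.connection_id, request)
        return hmac.compare_digest(expected, mac)  # constant-time compare


def demo() -> dict:
    key = secrets.token_bytes(32)  # constructed shared secret (assumption)
    request = b"POST /transfer amount=100"  # constructed sample request

    first = Connection(key)
    mac = tag(key, first.connection_id, request)
    captured = (request, mac)  # bytes a passive recorder would hold

    second = Connection(key)  # later connection, new connection id
    fresh_mac = tag(key, second.connection_id, request)
    return {
        "original_accepted": first.accept(request, mac),
        "replay_rejected": not second.accept(*captured),
        "fresh_accepted": second.accept(request, fresh_mac),
    }


if __name__ == "__main__":
    print(demo())
```

The model has no sequence numbers, so it only covers replay across connections, not repetition of a message inside the same connection.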