Hypertext Transfer Protocol or HTTP is a protocol used to transmit web pages and its contents like HTML, Image, JavaScript, CSS, etc. HTTP is used in a client-server model where the communication is generally started by the client and the server-side response to the client requests.
HTTP History
HTTP is created in 1989 by Tim Berners-Lee who was a CERN personnel. The proposed project name was World Wide Web . Word Wide Web is intended to be a computer network and resources which can be shared and used for the whole world.HTTP and HTML were the core protocols for the World Wide Web or simply WWW. HTTP was the transmission protocol of the resources where HTML was the format and protocol of the resources.
The first documented version of the HTTP was 0.9 which is released in 1991. The first major version HTTP 1.0 was released in 1996. The HTTP 1.0 was officially introduced in RFC 1945. This version is rapidly supported by web browsers.
The second version of the HTTP was numbered as HTT1.1 which was providing a lot of updates to version 1.0. HTTP 1.1 is provided as RFC 2068 in 1997. Over time with the need for new implementations in 2014 multiple RFCs like RFC 7230, RFC 7231, RFC 7232, RFC 7233, RFC 7234, RFC 7235.
HTTP 2.0 is released in 2015 which was a big change got the HTTP protocol. It is documented with the RFC 7540. Most major browsers added HTTP 2.0 standard in a short time. HTTP 2.0 protocol was mainly based on a Google protocol named SPDY (Speedy).
Even not officially released yet HTTP 3.0 is almost ready as a draft. HTTP is mainly based UDP protocol which is also called as HTTP over QUIC
HTTP Terminology
Before starting to explain the HTTP and how it works let’s provide some terminology and their meanings.
HTML is the resource identification language which is simply text. HTML uses tags that are generally represented visually inside the browsers.
Web Browser is a GUI client-side application where the HTTP requests can be initiated by using URLs or web site addresses and the returned HTML response is printed or executed with JavaScript.
URL is is an addressing scheme where different types of resources can be addressed which is generally a web page, javascript file, image file, etc for the HTTP.
JavaScriptis a dynamic scripting language that is mainly used in client-side and runs for the given web page inside the browser.
Web Server is the server-side system which provides different web resources according to the client requests. The web server runs daemons in order to respond in a fast way. HTTP is used the communication protocol between the Web Browser and Web Server.
How HTTP Works?
As a client and server protocol HTTP is responsible for the transmission HTML, JavaScript, Image, CSS data by requesting from the Web Server. We can see below a simple HTTP session step by step.
- First, the user puts the URL into the address bar of the web browser and push to enter.
- HTTP will transfer this request to the webserver.
- The web server will parse the HTTP request and try to fulfill it by providing the requested resources.
- The web server will return HTML, JavaScript, Image, CSS and other resources in the following steps.
- The web browser will display and executed the returned resources like HTML, JavaScript, Image, CSS, etc.
HTTP Request
HTTP communication is initiated with the request. Then the returned response is parsed and according to the content of the response, new requests can be initiated too. Below is an example HTTP request which is made to poftut.com.
GET / HTTP/1.1
Host: www.poftut.com
Connection: keep-alive
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.149 Safari/537.36
Sec-Fetch-Dest: document
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: none
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Lets exaplain this HTTP request.
GET / HTTP/1.1 is the HTTP request verb or mehtod which simply says that GET the document located in the / by using HTTP 1.1 protocol.
Host: www.poftut.com is the web site or domain or web server we want to connect which is www.poftut.com
User-Agent specifies the web browser name and version
Accept specifies the resource types the web browser can accept.
HTTP Response
HTTP Response is the response returned to the client according to its request. HTTP response generally provides some HTML code or Image file or CSS code or JavaScript code.
HTTP/1.1 200 OK Server: nginx/1.14.0 (Ubuntu) Date: Sun, 22 Mar 2020 10:17:40 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Vary: Accept-Encoding X-UA-Compatible: IE=edge Link: <https://www.poftut.com/wp-json/>; rel="https://api.w.org/" Content-Encoding: gzip
HTTP/1.1. 200 OK means the response protocol version is 1.1 and 200 is the HTTP status code for OK request completed successfully.
Server is the remote server software name and version with OS name.
Data is the date-time when the response is created.
Content type is the response content type which is HTML in this case with UTF-8 encoding.
HTTP Verbs or Request Methods
HTTP provides some verbs or in other words Request Methods in order, to make HTTP requestion in different styles.
HTTP GET is used to get the representation of the specified resource. GET method simply used to get remote web site content and do not make a change on the remote site.
HTTP HEAD is similar to the get but will return only the HTTP Header or information and do not contains a body.
HTTP POST is used to send some data into the remote web server where generally client-side user input is sent to the webserver inside the body of the request.
HTTP PUT is a method is used to put the information into the remote web server. The information is provided via the URI or URL, not with the body.
HTTP DELETE will delete specified remote resources that are generally not used during a web experience for end-user.
HTTP TRACE will track changes between intermediate servers. This method is not popular too.
HTTP OPTIONS will return the remote server supported methods.
HTTP CONNECT will is generally used to connect proxy servers and create an HTTP tunnel.
HTTP PATCH is used to patch or modify partially the remote resource which is not popular too.
HTTP Status Codes
Every HTTP request is returned with a code which is called HTTP Status Code . This status code specifies the completion status of the request like successful, failed, server error, etc.
Informational 1XX status codes like 101, 102 is used to provide some information about the request to the client.
Successful 2XX status codes like 200, 202 are used to provide that the request is successfully completed.
Redirection 3XX status codes like 300, 302 are used to redirect the client to different URI or address.
Client Error 4XX status codes like 400, 404 are used to inform the client that there is an error related to the request.
Server Error 5XX status codes like 503 are used to inform the client that there is a server related error that prevents the request to be completed.
Secure HTTP or HTTPS
The HTTP protocol is created as a clear text protocol where there is no security in mind. But with the increasing cybersecurity threads the HTTP protocol became very vulnerable. The SSL/TLS tunneling is created for HTTP traffic to encrypt traffic. HTTP with SSL/TLS is called HTTPS simply secure HTTP. Event a regular HTTP traffic can be eavesdropped and read easily HTTPS traffic can be read in a meaningful way to get information about the traffic.