What Is HTTP?

Date First Published: 9th February 2022

Topic: Computer Networking

Subtopic: Internet Protocols

Article Type: Computer Terms & Definitions

Difficulty Level: 5/10

Learn more about what HTTP is in this article.

Short for hypertext transfer protocol, HTTP is a protocol that is used for the transmission of information between web browsers and servers and was developed by Tim Berners-Lee. In other words, it is how computers communicate with each other across the World Wide Web. It is the top layer (application layer) of the TCP/IP protocol suite and HTTP allows users to communicate with web resources, such as HTML pages, CSS sheets, images, and video files by the use of hypertext messages from web browsers to servers. TCP connections are used by users for communicating with web servers. An example of the use of HTTP is sending data through online forms or requesting files at certain web addresses.

HTTP Messages

HTTP makes use of requests methods for performing certain tasks. A HTTP message called a GET request is used when a computer is fetching data. When form data is sent or files are uploaded, HTTP uses other messages, such as POST or PUT requests. HTTP messages that are being sent can be seen in the developer tools of most web browsers. Other HTTP messages include:

• HEAD - To request a specific resource within the body content.
• DELETE - To delete a resource from the server.
• TRACE - To perform a loop-back test to a specified resource, which is a useful mechanism for debugging.
• OPTIONS - To describe the communication options that are available for the specified resource.
• CONNECT - To convert the request connection to a transparent TCP/IP tunnel or create a HTTP tunnel through a proxy server.
• PATCH - To partially alter a web resource.

Security

HTTPS is the more widely used and secure version of HTTP since it encrypts data into random characters by the use of SSL/TLS between the user and the server. It is used by 76% of other websites and it carries this out by public-key encryption where there are two keys. One of the keys is shared with users via the SSL certificate of the website, called the public key. When a user establishes a connection with a server, the public and private keys are used to agree on new keys, known as session keys, in order to encrypt future communications. Instead of 'Hypertext Transfer Protocol', it stands for 'Hypertext Transfer Protocol Secure'. Although HTTP may be okay for a website where users only read a few articles and do not enter any personal information, it becomes a huge security risk when entering sensitive information, such as financial details or passwords.

With HTTP, all information is sent in plain text and could be read by someone that is monitoring the connection. In other words, it means that information sent between the user and the server is not secure. HTTPS websites will show a padlock in the address bar and HTTP websites will show something like 'Not secure' in the address bar. For some websites, it is actually possible to view a more secure version of the webpage by entering 'https://' instead of 'http://' before the address. In addition, HTTPS can help improve the SEO (Search Engine Optimisation) of a website, since most popular search engines rank websites with valid HTTPS higher and HTTP uses port 80 and HTTPS uses port 443. The HTTP version of a website can be redirected to the HTTPS version by including 301 redirects in the .htaccess file:

An insecure HTTP GET request in plain text looks like this:

In this example, only HTTP is being used, allowing the information to be read by anyone monitoring the session that has a basic understanding of the syntax and commands of the HTTP protocol.

However, when HTTPS is used over SSL/TLS, the HTTPS request looks like this:

This text is now some random characters. However, it can be decrypted with the private key, which is the secret key that is used for decrypting the message. The private key is unavailable via the publicly accessible directory.

Warning:

Never enter any sensitive information, such as bank details or passwords in websites that do not use HTTPS or have the padlock icon in the address bar. All information is sent in plain text and could be read by someone that is monitoring the connection.

Versions of HTTP

There have been a number of versions of HTTP. Some of them include:

• HTTP/0.9 - First version of HTTP that was officially released in 1991.
• HTTP/1.0 - Officially released in 1996. As stated in the RFC 1945, after a response has been sent, the server should always close the TCP/IP connection.
• HTTP/1.1 - Officially released on January 1997 - In order for a connection to be reused for more than one request/response, a keep-alive mechanism was officially introduced.
• HTTP/2 - Officially released on 14th May 2015. It reduces the loading times of webpages by compressing HTTP headers and prioritising and multiplexing data requests in the browser.
• HTTP/3 - First supported in version 79 of Google Chrome that was released on 10th December 2019 and version 72.0.1 of Firefox that was released on 8th January 2020. It was released with the aim of lowering data congestion by using UDP for sending control messages.

HTTP Status Codes

HTTP status codes identify the status of HTTP requests on the World Wide Web. The most well-known HTTP status code is 404, which means that the requested page cannot be found. Status codes help users to identify the meaning of errors as well as the status of a HTTP request. For example, the status code 200 means that the request is successful without any errors and the status code 301 means that the page has moved permanently to a new address. A list of HTTP status codes can be seen here.