Browse Definitions :
Definition

HTTP (Hypertext Transfer Protocol)

Contributor(s): Kevin Ferguson

HTTP (Hypertext Transfer Protocol) is the set of rules for transferring files, such as text, graphic images, sound, video, and other multimedia files, on the World Wide Web. As soon as a web user opens their web browser, the user is indirectly making use of HTTP. HTTP is an application protocol that runs on top of the TCP/IP suite of protocols (the foundation protocols for the Internet). The latest version of HTTP is HTTP/2, which was published in May 2015. It is an alternative to its predecessor, HTTP 1.1, but does not it make obsolete.

How HTTP works

As the Hypertext part of the name implies, HTTP concepts include the idea that files can contain references to other files whose selection will prompt additional transfer requests. In addition to the Web page files it can serve, any Web server machine contains an HTTP daemon, a program that is designed to wait for HTTP requests and handle them when they arrive. A web browser is an HTTP client, sending requests to server machines. When the browser user enters file requests by either "opening" a web file (typing in a URL) or clicking on a hypertext link, the browser builds an HTTP request and sends it to the Internet Protocol address (IP address) indicated by the URL. The HTTP daemon in the destination server machine receives the request and sends back the requested file or files associated with the request. As a note, a web page often consists of more than one file.

How HTTP works
How HTTP works

To expand on this example, a user wants to visit TechTarget.com. The user types in the Web address, and the computer sends a "GET" request to a server that hosts that address. That GET request is sent using HTTP and it is telling the TechTarget server that the user is looking for the HTML (Hypertext Markup Language) code used to structure and give the login page its look and feel. The text of that login page is included in the HTML response, but other parts of the page, particularly its images and videos, are requested by separate HTTP requests and responses. The more requests that must be made -- for example, to call a page that has numerous images -- the longer it will take the server to respond to those requests and for the user's system to load the page.

When these requests and responses are being sent, they use TCP/IP to reduce and transport information in small packets of binary sequences of ones and zeros. These packets are physically sent through electric wires, fiber optic cables and wireless networks.

HTTP vs. HTTPS

HTTPS (HTTP over SSL or HTTP Secure) is the use of Secure Sockets Layer (SSL) or Transport Layer Security (TLS) as a sublayer under regular HTTP application layering. HTTPS encrypts and decrypts user HTTP page requests as well as the pages that are returned by the Web server. The use of HTTPS protects against eavesdropping and man-in-the-middle (MitM) attacks. HTTPS was developed by Netscape.

Migrating from HTTP to HTTPS is regarded as good for security.

Types of Status Codes

In response to HTTP requests, servers often issue response codes, indicating the request is being processed, that there was an error in the request or that the request is being redirected. Common response codes include:

  • 200 OK. This means that the request, such as GET or POST, worked and is being acted upon.
  • 300 Moved Permanently. This response code means that the URL of the requested resource has been changed permanently.
  • 401 Unauthorized. The client -- the user making the request of the server -- has not been authenticated.
  • 403 Forbidden. The client's identity is known but has not been given access authorization.
  • 404 Not Found. This is the most frequent and most recognized error code. It means that the URL is nor recognized or the resource at the location does not exist.
  • 500 Internal Server Error. The server has encountered a situation it doesn't know how to handle.
This was last updated in July 2020

Continue Reading About HTTP (Hypertext Transfer Protocol)

SearchCompliance

SearchSecurity

  • cyber attack

    A cyber attack is any attempt to gain unauthorized access to a computer, computing system or computer network with the intent to ...

  • backdoor (computing)

    A backdoor is a means to access a computer system or encrypted data that bypasses the system's customary security mechanisms.

  • post-quantum cryptography

    Post-quantum cryptography, also called quantum encryption, is the development of cryptographic systems for classical computers ...

SearchHealthIT

SearchDisasterRecovery

  • risk mitigation

    Risk mitigation is a strategy to prepare for and lessen the effects of threats faced by a business.

  • call tree

    A call tree is a layered hierarchical communication model that is used to notify specific individuals of an event and coordinate ...

  • Disaster Recovery as a Service (DRaaS)

    Disaster recovery as a service (DRaaS) is the replication and hosting of physical or virtual servers by a third party to provide ...

SearchStorage

Close