HTTP (Hypertext Transfer Protocol) is the set of rules for transferring files, such as text, graphic images, sound, video, and other multimedia files, on the World Wide Web. As soon as a web user opens their web browser, the user is indirectly making use of HTTP. HTTP is an application protocol that runs on top of the TCP/IP suite of protocols (the foundation protocols for the Internet). The latest version of HTTP is HTTP/2, which was published in May 2015. It is an alternative to its predecessor, HTTP 1.1, but does not it make obsolete.
How HTTP works
As the Hypertext part of the name implies, HTTP concepts include the idea that files can contain references to other files whose selection will prompt additional transfer requests. In addition to the Web page files it can serve, any Web server machine contains an HTTP daemon, a program that is designed to wait for HTTP requests and handle them when they arrive. A web browser is an HTTP client, sending requests to server machines. When the browser user enters file requests by either "opening" a web file (typing in a URL) or clicking on a hypertext link, the browser builds an HTTP request and sends it to the Internet Protocol address (IP address) indicated by the URL. The HTTP daemon in the destination server machine receives the request and sends back the requested file or files associated with the request. As a note, a web page often consists of more than one file.
To expand on this example, a user wants to visit TechTarget.com. The user types in the Web address, and the computer sends a "GET" request to a server that hosts that address. That GET request is sent using HTTP and it is telling the TechTarget server that the user is looking for the HTML (Hypertext Markup Language) code used to structure and give the login page its look and feel. The text of that login page is included in the HTML response, but other parts of the page, particularly its images and videos, are requested by separate HTTP requests and responses. The more requests that must be made -- for example, to call a page that has numerous images -- the longer it will take the server to respond to those requests and for the user's system to load the page.
When these requests and responses are being sent, they use TCP/IP to reduce and transport information in small packets of binary sequences of ones and zeros. These packets are physically sent through electric wires, fiber optic cables and wireless networks.
HTTP vs. HTTPS
HTTPS (HTTP over SSL or HTTP Secure) is the use of Secure Sockets Layer (SSL) or Transport Layer Security (TLS) as a sublayer under regular HTTP application layering. HTTPS encrypts and decrypts user HTTP page requests as well as the pages that are returned by the Web server. The use of HTTPS protects against eavesdropping and man-in-the-middle (MitM) attacks. HTTPS was developed by Netscape.
Migrating from HTTP to HTTPS is regarded as good for security.
Types of Status Codes
In response to HTTP requests, servers often issue response codes, indicating the request is being processed, that there was an error in the request or that the request is being redirected. Common response codes include:
- 200 OK. This means that the request, such as GET or POST, worked and is being acted upon.
- 300 Moved Permanently. This response code means that the URL of the requested resource has been changed permanently.
- 401 Unauthorized. The client -- the user making the request of the server -- has not been authenticated.
- 403 Forbidden. The client's identity is known but has not been given access authorization.
- 404 Not Found. This is the most frequent and most recognized error code. It means that the URL is nor recognized or the resource at the location does not exist.
- 500 Internal Server Error. The server has encountered a situation it doesn't know how to handle.