What Is HTTP Protocol?

Published May 21, 2024

HTTP (Hypertext Transfer Protocol) is the base of communication on the Web, allowing the transfer of hypermedia documents between web clients (browsers) and servers. This article will look at the inner workings of HTTP, explaining its client-server model, request and response formats, and its stateless nature. We will also examine the structure of HTTP requests and responses, including request methods, headers, and status codes, and discuss the changes in HTTP through its different versions, from HTTP/1.0 to the newer HTTP/2 and HTTPS. We will also look at how HTTP is used in web development, its role in building web applications, and its importance in creating RESTful APIs.

Key Takeaways

  • HTTP follows a client-server model, where the client sends a request to the server, and the server responds with the requested resource.
  • HTTP requests include components such as the method, URL, headers, and an optional body, while responses include a status code, headers, and an optional body.
  • HTTP request methods, such as GET, POST, PUT, and DELETE, indicate the action to be performed on the identified resource.
  • HTTP status codes, grouped into five classes (1xx, 2xx, 3xx, 4xx, 5xx), indicate the result of the HTTP request.
  • HTTP/2, released in 2015, introduces performance improvements like multiplexing, header compression, server push, and binary framing, while maintaining backward compatibility with HTTP/1.1.

What is HTTP?

HTTP (Hypertext Transfer Protocol) is a protocol that forms the foundation of communication on the World Wide Web. Its purpose is to transfer hypermedia documents, such as HTML pages, between web clients (browsers) and servers.

Client-Server Model

HTTP follows a client-server model, where the client sends a request to the server, and the server responds with the requested resource. The client is usually a web browser, and the server is a computer hosting a website. When you enter a URL in your browser's address bar, the browser sends an HTTP request to the server, which then sends back the requested web page as an HTTP response.

Here's an example of how the client-server model works:

  1. You enter https://www.example.com in your web browser.
  2. The browser (client) sends an HTTP request to the server hosting www.example.com.
  3. The server processes the request and sends back an HTTP response containing the HTML content of the requested web page.
  4. The browser receives the response and displays the HTML content for you to view.

HTTP Request and Response Format

HTTP uses a clear text format for requests and responses, making it easy for developers to understand and work with. Each HTTP request and response consists of a header and an optional body. The header contains data about the request or response, such as the content type, while the body contains the actual data being transferred.

An HTTP request usually includes the following components:

Component Description
Method The HTTP method (e.g., GET, POST, PUT, DELETE) indicates the action to be performed on the identified resource.
URL The Uniform Resource Locator (URL) identifies the resource being requested.
Headers Information about the request, such as the client's browser, accepted content types, and authentication details.
Body (optional) Data sent by the client to the server, usually used with POST and PUT requests.

An HTTP response includes the following components:

Component Description
Status Code A 3-digit number indicating the result of the request (e.g., 200 OK, 404 Not Found, 500 Internal Server Error).
Headers Information about the response, such as the content type, content length, and caching directives.
Body (optional) The requested resource data, such as an HTML page, JSON data, or binary data (images, videos, etc.).

Stateless Protocol

HTTP is a stateless protocol, which means that each request-response pair is independent of the previous or subsequent ones. This allows for scalability and flexibility in web applications, as servers can handle multiple requests from different clients simultaneously without having to keep track of previous interactions.

However, many web applications require maintaining state between requests, such as user authentication or shopping cart data. To address this, developers use techniques like cookies, sessions, and tokens to store and pass state information between the client and server.

HTTP Request Structure

An HTTP request has three main parts: the request method, headers, and body. These parts work together to tell the server what the client wants to do and give needed information to the server.

HTTP Request Methods

HTTP request methods, also known as HTTP verbs, show the action to be done on the resource. The most used HTTP methods are:

  1. GET: Gets a resource from the server. GET requests should only get data and not change it.

    • Example: Getting a web page, getting data from an API endpoint, or downloading a file.
    • Sample URL: https://api.example.com/users/123
  2. POST: Sends data to be processed by the server. This method is often used when making a new resource or sending data to a server.

    • Example: Sending a form, making a new user account, or posting a comment on a blog.
    • Sample URL: https://api.example.com/users
  3. PUT: Updates a resource on the server. If the resource does not exist, the server may make it.

    • Example: Updating a user's profile or replacing a document.
    • Sample URL: https://api.example.com/users/123
  4. DELETE: Removes a resource from the server.

    • Example: Deleting a user account, removing a blog post, or canceling an order.
    • Sample URL: https://api.example.com/users/123

Other less used HTTP methods include HEAD, OPTIONS, PATCH, and TRACE.

Method Description
HEAD Like GET, but returns only the headers and not the response body.
OPTIONS Describes the options for the target resource.
PATCH Partially changes a resource, as opposed to PUT which replaces the entire resource.
TRACE Echoes back the request to check if any changes were made by servers in between.

HTTP Request Headers

HTTP request headers let the client add more information about the request. Headers are key-value pairs that give metadata about the request and help the server know how to process it. Some common HTTP request headers are:

  1. User-Agent: Says the client application making the request, such as a web browser or mobile app.

    • Example: User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/93.0
  2. Accept: Shows the acceptable content types for the response, such as text/html, application/json, or image/jpeg.

    • Example: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
  3. Content-Type: Says the type of data in the request body, such as application/x-www-form-urlencoded or application/json.

    • Example: Content-Type: application/json
  4. Authorization: Contains credentials to authenticate the client, such as a bearer token or basic authentication.

    • Example: Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...

Other headers can give information about caching, cookies, and other parts of the request.

Header Description
Cache-Control Says caching instructions for the request/response chain.
Cookie Contains stored HTTP cookies previously sent by the server with the Set-Cookie header.
Referer Shows the address of the previous web page from which the current request came from.
If-Modified-Since Allows a 304 Not Modified to be returned if the content has not changed since the specified date.

HTTP Request Body

The HTTP request body contains data sent by the client to the server. It is typically used with POST and PUT requests to send data that will be added or updated on the server.

The request body can include various types of data, such as:

  1. Form data: Key-value pairs sent when submitting HTML forms.

    • Example: username=john_doe&password=secret
  2. JSON (JavaScript Object Notation): A lightweight data format commonly used in web APIs.

    • Example:
      {
        "name": "John Doe", 
        "age": 30,
        "email": "john@example.com"
      }
      
  3. XML (eXtensible Markup Language): A markup language for encoding documents in a format that is both human-readable and machine-readable.

    • Example:
      <user>
        <name>John Doe</name>
        <age>30</age>
        <email>john@example.com</email>
      </user>
      
  4. Binary data: Files, images, or other non-text data.

    • Example: Uploading a profile picture or a PDF document.

The Content-Type header is used to say the format of the data in the request body, so the server knows how to process it.

Content-Type Description
application/x-www-form-urlencoded URL-encoded form data, often used when submitting HTML forms.
application/json JSON-formatted data, commonly used in RESTful APIs.
application/xml XML-formatted data, used in some APIs and web services.
multipart/form-data Multi-part form data, used when uploading files or sending a mix of binary and text data in a single request.

HTTP Response Structure

The HTTP response structure has three main parts: the status line, headers, and the body. These parts work together to give the client the requested resource and provide more information about the response.

HTTP Status Codes

HTTP status codes are three-digit numbers that show the result of the HTTP request. They are grouped into five classes:

  1. 1xx (Informational): The request was received, and the server is continuing the process.

    • Example: 100 Continue, which means the client should continue with its request.
  2. 2xx (Successful): The request was successfully received, understood, and accepted.

    • Example: 200 OK, which means the request succeeded, and the requested resource is in the response body.
  3. 3xx (Redirection): Further action needs to be taken to complete the request.

    • Example: 301 Moved Permanently, which means the requested resource has been assigned a new permanent URL, and future references should use the new URL.
  4. 4xx (Client Error): The request contains bad syntax or cannot be fulfilled.

    • Example: 404 Not Found, which means the server could not find the requested resource.
  5. 5xx (Server Error): The server failed to fulfill an apparently valid request.

    • Example: 500 Internal Server Error, which means the server encountered an unexpected condition that prevented it from fulfilling the request.

Here are some common HTTP status codes and their descriptions:

Status Code Description
200 OK - The request succeeded, and the requested resource is in the response body.
201 Created - The request succeeded, and a new resource was created as a result.
301 Moved Permanently - The requested resource has been assigned a new permanent URL.
400 Bad Request - The server could not understand the request due to invalid syntax.
401 Unauthorized - The request requires user authentication.
403 Forbidden - The server understood the request but refuses to authorize it.
404 Not Found - The server could not find the requested resource.
500 Internal Server Error - The server encountered an unexpected condition that prevented it from fulfilling the request.

HTTP Response Headers

HTTP response headers provide more metadata about the response. They give information about the server, the response data, caching directives, and more. Some common HTTP response headers include:

  1. Content-Type: Specifies the media type of the response body, such as text/html, application/json, or image/jpeg.

    • Example: Content-Type: text/html; charset=UTF-8
  2. Content-Length: Indicates the size of the response body in bytes.

    • Example: Content-Length: 1024
  3. Cache-Control: Provides caching directives for the response, such as how long the response can be cached and by whom.

    • Example: Cache-Control: max-age=3600, public
  4. Set-Cookie: Sends cookies from the server to the client, which can be used to maintain state or track user sessions.

    • Example: Set-Cookie: session_id=abc123; Expires=Wed, 21 Oct 2023 07:28:00 GMT; Path=/

Here are some other common response headers and their descriptions:

Header Description
Server Identifies the server software handling the request.
Last-Modified Indicates the date and time when the resource was last modified.
ETag Provides a unique identifier for a specific version of a resource.
Content-Encoding Indicates the compression method used on the response body, such as gzip or deflate.
Content-Language Describes the natural language(s) of the intended audience for the response body.

Real-life example: When you download a file from a web server, the Content-Disposition header can be used to specify that the file should be downloaded instead of displayed in the browser. This header might look like: Content-Disposition: attachment; filename="example.pdf".

HTTP Response Body

The HTTP response body contains the actual data being sent back to the client. This can include various types of data, such as:

  1. HTML (Hypertext Markup Language): The standard markup language for creating web pages.

    • Example:
      <!DOCTYPE html>
      <html>
        <head>
          <title>Example Page</title>
        </head>
        <body>
          <h1>Hello, World!</h1>
          <p>This is an example HTML page.</p>
        </body>
      </html>
      
  2. JSON (JavaScript Object Notation): A lightweight data interchange format that is easy for humans to read and write and easy for machines to parse and generate.

    • Example:
      {
        "name": "John Doe",
        "age": 30,
        "email": "john@example.com"
      }
      
  3. Images: Binary data representing visual content, such as JPEG, PNG, or GIF files.

  4. Other data formats: XML, CSV, plain text, or any other data format supported by the server and client.

Real-life example: When you use a weather app on your smartphone, it likely sends an HTTP request to a weather API. The API's response body might contain JSON data with current weather information, such as temperature, humidity, and wind speed, which the app then parses and displays to you in a user-friendly format.

HTTP Versions and Features

HTTP has changed over time, with multiple versions released to improve performance, security, and functionality. The most used versions are HTTP/1.0, HTTP/1.1, and HTTP/2. Each version adds new features and optimizations to improve web communication.

HTTP/1.0 and HTTP/1.1

HTTP/1.0, released in 1996, added the basic request-response functionality that is the foundation of web communication. However, it had some limitations, such as needing a new TCP connection for each request, which could lead to performance issues.

HTTP/1.1, released in 1999, fixed many of the problems of HTTP/1.0 and added several new features:

  1. Persistent Connections: HTTP/1.1 added persistent connections, allowing multiple requests and responses to be sent over a single TCP connection. This reduced the overhead of making new connections for each request, improving performance.

    Example: A web page with 10 images using HTTP/1.0 would need 11 separate TCP connections (one for the HTML and one for each image), while HTTP/1.1 can load all resources using a single connection.

  2. Pipelining: HTTP/1.1 added support for pipelining, which lets clients send multiple requests without waiting for the previous responses. This can reduce latency and improve performance, especially for high-latency connections.

    Example: A client can send requests for multiple resources (e.g., CSS, JavaScript, images) quickly, and the server can process them at the same time, reducing the total load time.

  3. Improved Caching: HTTP/1.1 added new caching mechanisms, such as the Cache-Control and ETag headers, which provide better control over how responses are cached by clients and servers.

    Example: The Cache-Control: max-age=3600 header tells the client or servers to cache the response for up to one hour, reducing the need for repeated requests.

HTTP/1.1 is widely used and supports various performance optimizations, making it the most common version of HTTP used today.

HTTP/2

HTTP/2, released in 2015, is a major change to the HTTP protocol that focuses on improving performance and reducing latency. While HTTP/2 keeps the same semantics as HTTP/1.1, it adds several new features:

  1. Multiplexing: HTTP/2 allows multiple requests and responses to be sent at the same time over a single TCP connection. This eliminates the need for multiple connections and reduces the impact of network latency.

    Example: A web page with 50 resources can be loaded using a single connection, with requests and responses sent at the same time, resulting in faster page load times.

  2. Header Compression: HTTP/2 uses HPACK compression to reduce the overhead of sending redundant header information. This can significantly reduce the amount of data transferred, especially for requests with many headers.

    Example: Repeated headers like User-Agent, Accept, and Cookie can be compressed, reducing the total size of the request and response headers.

  3. Server Push: HTTP/2 adds server push, which lets servers send resources to clients before they are requested. This can improve performance by eliminating the need for clients to send separate requests for each resource.

    Example: When a client requests an HTML page, the server can push related CSS, JavaScript, and image files, removing the need for the client to discover and request these resources separately.

  4. Binary Framing: HTTP/2 uses a binary framing layer to wrap and send data, making it more efficient and less error-prone compared to the text-based format used in HTTP/1.1.

HTTP/2 is designed to be backward-compatible with HTTP/1.1, allowing servers to support both versions at the same time. Many modern web browsers and web servers support HTTP/2, and its use continues to grow as more websites and web applications take advantage of its performance benefits.

HTTPS (HTTP Secure)

HTTPS (HTTP Secure) is an extension of HTTP that uses SSL/TLS (Secure Sockets Layer/Transport Layer Security) to make an encrypted connection between the client and the server. HTTPS provides several security benefits:

  1. Encryption: HTTPS encrypts all data sent between the HTTP client and the HTTP server, preventing unauthorized parties from reading sensitive information, such as passwords, credit card numbers, and personal data.

    Example: When submitting a login form over HTTPS, the username and password are encrypted, making it hard for attackers to steal the credentials even if they intercept the network traffic.

  2. Authentication: HTTPS lets clients check the identity of the server they are communicating with, preventing man-in-the-middle attacks and making sure that the server is real and not an imposter.

    Example: When connecting to a banking website, HTTPS checks that the client is communicating with the real bank server and not a fake server set up by attackers.

  3. Integrity: HTTPS checks that the data sent between the client and server is not changed or altered in transit, maintaining the integrity of the information.

    Example: When downloading a software update over HTTPS, the integrity of the downloaded file is checked, making sure that it has not been modified by attackers.

To enable HTTPS, servers must get an SSL/TLS certificate from a trusted Certificate Authority (CA). This certificate contains information about the server's identity and is used to make a secure connection with clients.

When an HTTP client connects to an HTTPS server, the server sends its SSL/TLS certificate to the client. The client checks the certificate's authenticity and, if valid, uses the public key in the certificate to make a secure, encrypted connection with the server.

HTTPS is important for protecting sensitive data and ensuring privacy and security on the web. It is widely used for e-commerce websites, online banking, and any other web applications that handle confidential information.

HTTP Version Key Features Benefits
HTTP/1.0 Basic request-response functionality Added the foundation for web communication
HTTP/1.1 Persistent connections, pipelining, improved caching Improved performance and fixed problems of HTTP/1.0
HTTP/2 Multiplexing, header compression, server push, binary framing Significantly improved performance and reduced latency
HTTPS Encryption, authentication, integrity Protects sensitive data and checks privacy and security

HTTP and Web Development

HTTP is the main protocol for communication between web browsers and servers. It is the foundation on which web developers build interactive and dynamic web applications.

Role of HTTP in web applications

HTTP is the primary protocol for communication between web browsers and servers. When a user interacts with a web application, their web browser sends HTTP requests to the server, which then processes the requests and sends back HTTP responses with the requested data or the result of an action.

Web developers use HTTP to:

  1. Get and show web pages: When a user goes to a web page, the web browser sends an HTTP GET request to the server, which responds with the HTML, CSS, and JavaScript files needed to show the page.

  2. Send and process form data: When a user submits a form, the web browser sends an HTTP POST request with the form data to the server. The server processes the data and sends back a response, such as a success message or a page with the results of the form submission.

  3. Verify users and manage sessions: HTTP requests and responses can include authentication tokens or session cookies to check a user's identity and keep their logged-in state across multiple pages.

  4. Allow server-side processing: Web applications often depend on server-side processing to do tasks such as getting data from databases, processing payments, or making dynamic content. HTTP requests trigger these server-side actions, and the results are sent back in HTTP responses.

HTTP libraries and tools

To work with HTTP in web development, programmers use various libraries and tools that make it easier to send HTTP requests and handle responses.

Popular HTTP libraries include:

  1. urllib (Python): A built-in Python library for making HTTP requests and handling responses.

    • Example: urllib.request.urlopen('https://api.example.com/data').read()
  2. HttpClient (Java): A Java library for sending HTTP requests and getting responses.

    • Example: HttpClient client = HttpClientBuilder.create().build();
  3. Axios (JavaScript): A promise-based HTTP client for JavaScript, used in both web browser and Node.js environments.

    • Example: axios.get('https://api.example.com/data').then(response => { ... })

In addition to libraries, web developers use tools like cURL and Postman to test and debug HTTP requests and responses:

  1. cURL: A command-line tool for sending HTTP requests and viewing responses.

    • Example: curl -X POST -H "Content-Type: application/json" -d '{"key": "value"}' https://api.example.com/endpoint
  2. Postman: A graphical user interface (GUI) tool for creating, sending, and organizing HTTP requests, as well as viewing and testing API responses.

Tool Purpose
urllib Making HTTP requests and handling responses in Python
HttpClient Sending HTTP requests and getting responses in Java
Axios Making HTTP requests and handling responses in JavaScript
cURL Testing and debugging HTTP requests from the command line
Postman Creating, sending, and organizing HTTP requests with a GUI

HTTP and RESTful APIs

HTTP is the foundation of RESTful (Representational State Transfer) APIs, which are widely used in web development to create scalable and maintainable web services. RESTful APIs use HTTP methods to perform CRUD (Create, Read, Update, Delete) operations on resources.

The main HTTP methods used in RESTful APIs are:

  1. GET: Gets a resource or a collection of resources.
  2. POST: Creates a new resource.
  3. PUT: Updates an existing resource.
  4. DELETE: Deletes a resource.

For example, consider an API for managing user accounts:

  • GET /users: Gets a list of all users.
  • GET /users/123: Gets the user with ID 123.
  • POST /users: Creates a new user account.
  • PUT /users/123: Updates the user with ID 123.
  • DELETE /users/123: Deletes the user with ID 123.

RESTful APIs typically use JSON (JavaScript Object Notation) or XML (eXtensible Markup Language) for data interchange between the client and the server. JSON has become the more popular choice due to its simplicity and native support in JavaScript.

Real-life example: Social media API

A social media platform might offer a RESTful API for developers to build third-party applications. The API could include endpoints for:

  • Getting user profiles (GET /users/{id})
  • Creating new posts (POST /posts)
  • Updating user information (PUT /users/{id})
  • Deleting comments (DELETE /posts/{postId}/comments/{commentId})

By following RESTful principles and leveraging HTTP methods, web developers can create APIs that are easy to understand, maintain, and scale. These APIs can be used by various clients, such as web browsers, mobile apps, or other web services, promoting interoperability and flexibility in web development.

HTTP Method Purpose Example
GET Get a resource or a collection of resources GET /users (get all users)
POST Create a new resource POST /posts (create a post)
PUT Update an existing resource PUT /users/123 (update user 123)
DELETE Delete a resource DELETE /posts/123 (delete post 123)