No matter if  you are a website owner or an ordinary user, the one word you might come across browsing the internet is HTTP.  So, what is HTTP? How the Internet works and what happens between your browser and the web server? Here is a 1-0-1 guide attempting to explain the basics.

What is HTTP?

HTTP stands for Hypertext Transfer Protocol. It is the underlying protocol of the World Wide Web. In 1990 Tim Berners-Lee, also known as the Father of Internet, developed it with the original purpose to have a fast and reliable information exchange between scientists working in different parts of the world. 

How it works

When you enter http:// in your address bar in front of the domain, it tells the browser to use HTTP for connection. HTTP itself uses TCP (Transmission Control Protocol), generally over port 80, to send and receive data packets over the web. To put it simply it is a protocol that's used by a client and server which allows you to communicate with other websites. The client sends a request message to an HTTP server (after the TCP handshake) which hosts a website, the server then replies with the response message. The response message contains completion status information, such as HTTP/1.1 200 OK.

Key points of HTTP

  • HTTP is an application layer protocol.
  • The hostname in the request is case insensitive.
  • The standardization of the HTTP protocol is coordinated by
  • the World Wide Web Consortium and the Internet Engineering Task Force.
  • HTTP allows for improvement of its request and response (for example with the help of a gateway, a proxy, or a tunnel).
  • Anything requested with HTTP protocol is made available with the help of a type of URL (Uniform Resource Locator).
  • A series of HTTP requests and responses is called a HTTP session.
  • HTTP version 0.9 was the first ever version of HTTP.
  • HTTP is a stateless protocol (meaning that every connection is independent of each other).

HTTP Request Structure

A simple request from a client computer consists of:
  • A request line to get a required resource, for example a request GET /content/page1.html is requesting a resource called /content/page1.html from the server.
  • Headers.
  • An empty line.
  • A message body (optional).
All the lines should end with a carriage return and line feed. The empty line should only contain carriage return and line feed without any spaces.

HTTP Response Structure

A simple response from the server contains the following:
  • HTTP Status Code (For example HTTP/1.1 301 Moved Permanently, meaning that the requested resource was permanently moved and redirected to some other resource).
  • Headers. 
  • An empty line.
  • A message body which is optional.
All the lines in the server response should end with a carriage return and line feed. Similar to request, the empty line in a response also should only have carriage return and line feed without any spaces.

What is HTTPS?

HTTPS stands for Hypertext Transfer Protocol Secure (also referred to as HTTP over TLS or HTTP over SSL). When you enter https:// in your address bar in front of the domain, it tells the browser to connect over HTTPS. Generally sites running over HTTPS will have a redirect in place so even if you type in http:// it will redirect to deliver over a secured connection. HTTPS also uses TCP (Transmission Control Protocol) to send and receive data packets, but it does so over port 443, within a connection encrypted by Transport Layer Security (TLS).

What is the difference between HTTP and HTTPS?

Below are some of the key differences between the HTTP and HTTPS protocols:
  1. HTTP is unsecured while HTTPS is secured.
  2. HTTP sends data over port 80 while HTTPS uses port 443.
  3. HTTP operates at the application layer, while HTTPS operates at the transport layer.
  4. No SSL certificates are required for HTTP, while HTTPS requires that you have an SSL certificate and it is signed by a CA.
  5. HTTP doesn't require domain validation, whereas HTTPS requires at least domain validation and certain certificates even require legal document validation.
  6. No encryption in HTTP, while in HTTPS all the data is encrypted before sending.

Evolution of HTTP

Over the decades, web pages became more complex. Some of them we can even call applications in their own right. There are far more visual media than before with increasing volume and script size interactivity. Much more data was transmitted over significantly more HTTP requests creating more complexity and overhead for HTTP/1.1 connections. In order to solve this, Google implemented an experimental protocol SPDY in the early 2010s. This new way of exchanging data between client and server gained interest from developers working on both browsers and servers. This resulted in SPDY increasing the responsiveness and solving the data duplication problems, serving as the foundation for the HTTP/2 protocol.


HTTP/2 and HTTP/3

Officially standardized in May 2015, HTTP/2 was a huge success. By July 2016 (in less than a year) more than 68% of all web requests used HTTP/2 protocol. High-traffic websites were the fastest to adopt it in order to save on data transfer overhead and subsequent budgets. 

The next major version of HTTP, HTTP/3, will use QUIC instead TCP/TLS for the transport layer portion.