The web uses multiple protocols to communicate. The most important and visible protocols are HTTP and HTTPS. HTTP stands for HyperText Transfer Protocol, and it is the application protocol used by the web. HTTP allows browsers (clients) and web servers to communicate and exchange web objects, such as HTML pages, images, videos, etc.
HTTP is based on a client/server model, where the client initiates a TCP connection to the server on port 80, and sends an HTTP request message. The server responds with an HTTP response message, containing the requested web object or an error code. The TCP connection is then closed, unless the client and server agree to keep it open for further requests.
There are two types of HTTP connections:
Non-Persistent HTTP: At most one object is sent over a TCP connection. The connection is then closed. Downloading multiple objects requires multiple connections.
Persistent HTTP: Multiple objects can be sent over a single TCP connection between the client and the server.
HTTP is a stateless protocol, meaning that the server does not maintain any information about past client requests. Each request is treated independently and has no relation to previous or future requests.
HTTP requests and responses have a similar structure: a start line, followed by zero or more headers, a blank line, and an optional message body. The start line contains the HTTP method (such as GET, POST, PUT, DELETE, etc.), the URI (Uniform Resource Identifier) of the requested resource, and the HTTP version. The headers provide additional information about the request or response, such as the content type, content length, date, server name, etc. The message body contains the actual data of the request or response, such as HTML code, form data, image data, etc.
HTTP supports different methods for different purposes. The most common ones are:
GET: Retrieve static or dynamic content from the server.
POST: Send content to the server through the request body, usually for processing or storing data.
HEAD: Fetch only the headers of a response, without the message body. This can be used to check if a resource exists or has been modified.
OPTIONS: Get information about the server or a specific resource, such as the supported methods or formats.
PUT: Write a file or resource to the server, replacing any existing one with the same URI.
DELETE: Delete a file or resource from the server.
HTTP also defines various status codes to indicate the outcome of a request. The status codes are three-digit numbers, where the first digit specifies the general category of the status:
1xx: Informational. The request was received and is being processed.
2xx: Success. The request was handled successfully and the response contains the expected data.
3xx: Redirection. The client needs to perform additional actions to complete the request, such as following a new URI.
4xx: Client error. The request was invalid or cannot be fulfilled by the server.
5xx: Server error. The server encountered an internal error or failed to handle the request.
HTTP is a simple but powerful protocol that enables the web to function as we know it today. However, HTTP also has some limitations and security risks that need to be addressed. For example, HTTP messages are sent in plain text over the network, which makes them vulnerable to eavesdropping, tampering, or spoofing by malicious parties. To overcome this problem, HTTPS (HTTP Secure) was developed as an extension of HTTP that uses encryption and authentication to protect the data in transit.