Intro To Http and Https

Intro To Http and Https

HTTP stands for hypertext transfer protocol and is used to transfer data across the Web. It's the communication protocol you use when you browse the web.

At a fundamental level, when you visit a website, your browser makes an HTTP request to a server. Then that server responds with a resource (an image, video, or the HTML of a web page) - which your browser then displays for you.

There have been several versions of HTTP starting with the original 0.9 version. The current version is 2.0.

How Does It work?

Like most Internet protocols, HTTP is a command-and-response text-based protocol using a client-server communications model.

The client makes a request and the server responds. The HTTP protocol is also a stateless protocol meaning that the server isn’t required to store session information, and each request is independent of the other. This means:

  • All requests originate at the client ( your browser)

  • The server responds to a request.

  • The requests(commands) and responses are in readable text.

  • The requests are independent of each other and the server doesn’t need to track the requests

URLs

The URL (Uniform Resource Locator) is probably the most known concept of the Web. It is also one of the most important and useful concepts. A URL is a web address used to identify resources on the Web.

Protocol:  Most often they are HTTP (or HTTPS for a secure version of HTTP).

Domain: Name that is used to identify one or more IP addresses where the resource is located.

Path: Specifies the resource location on the server.

Parameters: Additional data used to identify or filter the resource on the server.

HTTP Requests

In HTTP, every request must have an URL address. Additionally, the request needs a method. The four main HTTP methods are:

  • GET

  • PUT

  • POST

  • DELETE

And these methods directly correspond to actions:

  • read

  • update

  • create

  • delete

We will study these methods, and more, in the HTTP Methods section. There are also some other interesting things in an HTTP request:

Referrer header: tells the URL from where the request has originated.

User-Agent header:  additional information about the browser being used to generate the request.

Host header:  uniquely identifies a hostname; it is necessary when multiple web pages are hosted on the same server.

Cookie header:  submits additional parameters to the client.

HTTP Response Codes

Response Status codes are split into 5 groups each group has a meaning and a three-digit code.

  • 1xx – Informational

  • 2xx – Successful

  • 3xx -Multiple Choice

  • 4xx– Client Error

  • 5xx -Server Error

For example, a successful page request will return a 200 response code and an unsuccessful 400 response code.

Here is the complete list:

HTTP Methods

The most common methods are GET and POST. But there are a few others, too.

GET:  You use this method to request data from a specified resource where data is not modified in any way. GET requests do not change the state of the resource.

POST: You use this method to send data to a server to create a resource.

PUT: You use this method to update the existing resource on a server by using the content in the body of the request. Think of this as a way to "edit" something.

PATCH: You use this method to apply partial modifications to a resource.

DELETE: You use this method to delete the specified resource.

HTTPS (Hypertext Transfer Protocol Secure)

-> Now let's take a look at HTTPS://

The secure version of the HTTP protocol is Hypertext Transfer Protocol Secure (HTTPS). HTTPS provides encrypted communication between a browser (client) and the website (server).

In HTTPS, the communication protocol is encrypted using Transport Layer Security (TLS) or Secure Sockets Layer (SSL).

The protocol is therefore also often called HTTP over TLS, or HTTP over SSL.

Both the TLS and SSL protocols use an asymmetric encryption system. Asymmetric encryption systems use a public key (encryption key) and a private key (decryption key) to encrypt a message.

Anyone can use the public key to encrypt a message. However, private keys are secret, and that means that only the intended receiver can decrypt the message.

SSL/TLS handshake

When you request an HTTPS connection to a website, the website sends its SSL certificate to your browser. That process where your browser and website initiate communication is called the “SSL/TLS handshake.”

The SSL/TLS handshake involves a series of steps where the browser and website validate each other and start communication through the SSL/TLS tunnel.

As you probably noticed, when a trusted secure tunnel is used during an HTTPS connection, the green padlock icon is displayed in the browser's address bar.

Benefits of HTTPS

The major benefits of HTTPS are:

  • Customer information, like credit card numbers and other sensitive information, is encrypted and cannot be intercepted.

  • Visitors can verify you are a registered business and that you own the domain.

  • Customers know they are not supposed to visit sites without HTTPS, and therefore, they are more likely to trust and complete purchases from sites that use HTTPS.