Hypertext Transfer Protocol

Hypertext Transfer Protocol (usually abbreviated to HTTP) is a communications protocol. It is used to send and receive webpages and files on the internet. It was developed by Tim Berners-Lee and is now coordinated by the W3C.

HTTP/1.1 is the most-used version today, and RFC 2616 completely explains how it should work. As of April 2023, about 39% of websites[1] already use the next version, HTTP/2 (which works in nearly all web browsers), and over 27% of websites[2] already work with the newest version, HTTP/3, which came out in 2022.[3] HTTP/3 is faster for most webpages in the real world. It is faster than both HTTP/2 and HTTP/1.1, sometimes more than three times as fast as HTTP/1.1.[4]

HTTPS

The secure variant of HTTP is called HTTPS (Hypertext Transfer Protocol Secure), and is used by more than 79% of websites,[1] such as payment websites (if it's not used, then it's a clear signal that the payment site is a scam).

HTTPS is used by default by most web browsers (even if not requested by the user), assuming the web server supports it. If browsing to a website, and the web browser shows it starting with http: without an s before the colon (or an unlocked icon is seen), then that website is not secure, then passwords or other data sent to them can be stolen. HTTPS encrypts all the information that is both sent and received. This can, therefore, stop malicious users such as hackers from stealing the information. HTTPS uses port 443 for communication instead of port 80.

HTTP works as such, a user agent, usually meaning the web browser, connects to a (web) server. A user agent could also be a web crawler, or so-called "spider", but most users do not use such tools (they are used by search engines, such as Google). The server must be located using a URL or URI. It normally connects to port 80 on a computer.

Request message

 
Tim Berners-Lee who developed http in 1995

The request message (for HTTP/1.1 and older) contains the following (i.e. it's in plain text; no longer used with HTTP/2 and later):

  • Request line, such as GET /images/logo.gif HTTP/1.1, which requests the file logo.gif from the /images directory
  • Headers, such as Accept-Language: en
  • An empty line
  • An optional message body

The request line and headers must all end with two characters: a carriage return followed by a line feed, often written <CR><LF>. The empty line must consist of only <CR><LF> and no other whitespace. In the HTTP/1.1 protocol, all headers except Host: are optional.

A request line containing only the path name is accepted by servers to maintain compatibility with HTTP clients before the HTTP/1.0 standard.

References

  1. 1.0 1.1 "Usage Statistics of Default protocol https for websites". w3techs.com. Retrieved 2022-05-05.
  2. "Usage Statistics of HTTP/3 for Websites, December 2023". w3techs.com. Retrieved 2023-12-13.
  3. HTTP/3. 6 June 2022. RFC 9114. http://tools.ietf.org/html/rfc9114. Retrieved 2022-06-06. 
  4. November 2021, Eric Brandes | 29. "HTTP/3 is Fast". Request Metrics. Retrieved 2023-12-13.