Hypertext Transfer Protocol
|The TCP/IP model (RFC 1122)|
Hypertext Transfer Protocol (usually abbreviated to HTTP) is a communications protocol. It is used to send and receive webpages and files on the internet. It was developed by Tim Berners-Lee and is now coordinated by the W3C. HTTP version 1.1 is the most common used version today. It is defined in RFC 2616.
About half of websites already use its successor HTTP/2 (which almost all web browsers support), and 25% of websites already support its much faster proposed successor HTTP/3, which is close to being standardized.
The secure variant of HTTP is called HTTPS (Hypertext Transfer Protocol Secure), and is used by more than 79% of websites, such as payment websites (if it's not used, then it's a clear signal that the payment site is a scam).
HTTPS is used by default by most web browsers (even if not requested by the user), assuming the web server supports it. If browsing to a website, and the web browser shows it starting with
http: without an
s before the colon (or an unlocked icon is seen), then that website is not secure, then passwords or other data sent to them can be stolen. HTTPS encrypts all the information that is sent and received. This can stop malicious users such as hackers from stealing the information. HTTPS uses port 443 for communication instead of port 80.
HTTP works as such, a user agent, usually meaning the web browser, connects to a (web) server. A user agent could also be a web crawler, or so-called "spider", but most users do not use such tools (they are used be search engines, such as Google). The server must be located using a URL or URI. It normally connects to port 80 on a computer.
Request message[change | change source]
The request message (for HTTP/1.1 and older) contains the following (i.e. it's in plain text; no longer used with HTTP/2 and later):
- Request line, such as GET /images/logo.gif HTTP/1.1, which requests the file logo.gif from the /images directory
- Headers, such as Accept-Language: en
- An empty line
- An optional message body
The request line and headers must all end with two characters: a carriage return followed by a line feed, often written <CR><LF>. The empty line must consist of only <CR><LF> and no other whitespace. In the HTTP/1.1 protocol, all headers except Host: are optional.
A request line containing only the path name is accepted by servers to maintain compatibility with HTTP clients before the HTTP/1.0 standard.
References[change | change source]
- "Usage Statistics of Default protocol https for websites". w3techs.com. Retrieved 2022-05-05.