Hypertext Transfer Protocol (HTTP)

# Hypertext Transfer Protocol (HTTP) HTTP (Hypertext Transfer Protocol) is the application-layer protocol that powers the World Wide Web, defining how messages are formatted and transmitted between clients (browsers) and servers. Developed by [[Tim Berners-Lee]] at CERN alongside [[Hypertext Markup Language (HTML)]], HTTP enables the request-response cycle that retrieves web pages, images, APIs, and all web resources. It operates on top of TCP/IP and, in its secure form (HTTPS), uses TLS encryption. HTTP is stateless—each request is independent, with no memory of previous interactions. This simplicity enabled the web's massive scale but requires mechanisms like cookies and sessions for maintaining user state. The protocol has evolved significantly: HTTP/1.0 (1996) established basics, HTTP/1.1 (1997) added persistent connections, HTTP/2 (2015) introduced multiplexing, and HTTP/3 (2022) uses QUIC over UDP for better performance. Understanding HTTP is essential for web development, API design, and debugging network issues. ## HTTP Request-Response Cycle ``` ┌────────────────────┐ ┌────────────────────┐ │ CLIENT │ │ SERVER │ │ (Browser) │ │ (Web Server) │ ├────────────────────┤ ├────────────────────┤ │ │ HTTP Request │ │ │ 1. User clicks │ ─────────────────▶ │ 2. Server │ │ link │ GET /page.html │ processes │ │ │ Host: site.com │ request │ │ │ │ │ │ 4. Browser │ HTTP Response │ 3. Server sends │ │ renders │ ◀───────────────── │ response │ │ page │ 200 OK │ │ │ │ <html>...</html> │ │ └────────────────────┘ └────────────────────┘ ``` ## HTTP Methods | Method | Purpose | Idempotent | Safe | |--------|---------|------------|------| | **GET** | Retrieve resource | Yes | Yes | | **POST** | Create resource | No | No | | **PUT** | Replace resource | Yes | No | | **PATCH** | Partial update | No | No | | **DELETE** | Remove resource | Yes | No | | **HEAD** | GET without body | Yes | Yes | | **OPTIONS** | Supported methods | Yes | Yes | ## HTTP Status Codes | Range | Category | Examples | |-------|----------|----------| | **1xx** | Informational | 100 Continue | | **2xx** | Success | 200 OK, 201 Created, 204 No Content | | **3xx** | Redirection | 301 Moved, 302 Found, 304 Not Modified | | **4xx** | Client Error | 400 Bad Request, 401 Unauthorized, 404 Not Found | | **5xx** | Server Error | 500 Internal Error, 502 Bad Gateway, 503 Unavailable | ## HTTP Headers | Header | Purpose | Example | |--------|---------|---------| | **Content-Type** | Media type | `application/json` | | **Authorization** | Authentication | `Bearer token123` | | **Cache-Control** | Caching rules | `max-age=3600` | | **Accept** | Preferred response type | `text/html` | | **Cookie** | Session data | `session=abc123` | | **User-Agent** | Client identifier | `Mozilla/5.0...` | | **Content-Length** | Body size | `1234` | ## HTTP Versions | Version | Year | Key Features | |---------|------|--------------| | **HTTP/0.9** | 1991 | Simple GET only | | **HTTP/1.0** | 1996 | Headers, methods, status codes | | **HTTP/1.1** | 1997 | Persistent connections, chunked transfer | | **HTTP/2** | 2015 | Multiplexing, header compression, server push | | **HTTP/3** | 2022 | QUIC (UDP), improved latency | ## HTTP/1.1 vs HTTP/2 vs HTTP/3 ``` HTTP/1.1: Sequential requests ┌──────┐ ┌──────┐ ┌──────┐ │ Req1 │──│ Req2 │──│ Req3 │──▶ (head-of-line blocking) └──────┘ └──────┘ └──────┘ HTTP/2: Multiplexed streams (TCP) ┌──────────────────────────────┐ │ Stream 1 ─┬─ Stream 2 ─┬─── │──▶ (single TCP connection) │ └────────────┘ │ └──────────────────────────────┘ HTTP/3: Multiplexed over QUIC (UDP) ┌──────────────────────────────┐ │ Stream 1 ─┬─ Stream 2 ─┬─── │──▶ (no head-of-line blocking) │ (independent streams) │ └──────────────────────────────┘ ``` ## HTTPS (HTTP Secure) | Aspect | Description | |--------|-------------| | **Protocol** | HTTP over TLS | | **Port** | 443 (vs 80 for HTTP) | | **Encryption** | Data encrypted in transit | | **Authentication** | Server identity verified via certificate | | **Integrity** | Data cannot be modified in transit | ## Common Request Example ```http GET /api/users/123 HTTP/1.1 Host: api.example.com Accept: application/json Authorization: Bearer eyJhbGciOiJIUzI1NiIs... Cache-Control: no-cache ``` ## Common Response Example ```http HTTP/1.1 200 OK Content-Type: application/json Content-Length: 85 Cache-Control: max-age=3600 {"id": 123, "name": "Alice", "email": "[email protected]"} ``` ## References - https://en.wikipedia.org/wiki/HTTP - https://developer.mozilla.org/en-US/docs/Web/HTTP - RFC 7230-7235 (HTTP/1.1) - RFC 7540 (HTTP/2) - RFC 9114 (HTTP/3) ## Related - [[Hypertext Markup Language (HTML)]] - [[Hypertext]] - [[Hypermedia]] - [[TCP IP]]