HTTP and HTTPS Explained: Key Features and Benefits

Nehal Adil

You might have noticed URLs starting with http:// or https:// (e.g. https://www.google.com) when browsing the web. What do these prefixes mean?

The Internet relies on various protocols to facilitate communication and data exchange. Among these protocols, HTTP (HyperText Transfer Protocol) and HTTPS (HyperText Transfer Protocol Secure) are fundamental to how web pages are accessed and displayed. Yes, the ‘S’ in HTTPS stands for ‘Secure’, and it represents a significant upgrade in security and privacy.

What is HTTP?

HTTP (HyperText Transfer Protocol) is a set of rules for transferring data, such as text, images, and hypertext (links pointing to other documents), from one computer to another.

HTTP is an application-layer protocol, part of the Internet Protocol Suite, which defines how data is formatted and transmitted between servers and clients. It gives web browsers and web servers a standard way to communicate.

Key Features of HTTP:

  1. Stateless: HTTP is stateless, meaning each request from a client to a server is independent and unrelated to previous requests. This ensures simplicity but can lead to inefficiencies in some cases.

    Ex: Every time you visit a page, the server treats you as a new user.

  2. Client-Server Architecture: HTTP follows a client-server model where the client (usually a web browser) sends requests to the server, and the server responds with the requested resources (such as web pages, images, or other files).

  3. Methods: HTTP defines various methods, such as GET, POST, PUT, DELETE, and PATCH, to perform different actions on the web resources.

How HTTP Works:

  1. Client Request: The client initiates a connection to the server and sends an HTTP request for a specific resource.

  2. Server Response: The server processes the request and responds with the requested resource, along with a status code indicating the outcome (e.g., 200 OK, 404 Not Found).

  3. Transmission: The server returns the data the client requested, or an error message. This takes place over the internet using port 80 by default. The data is transmitted in plain text, however, so it can be intercepted or tampered with by malicious actors.
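The request/response cycle above, as an added example that is not part of the original article: a constructed loopback server and a raw-socket client show the exact bytes a form POST puts on the wire over plain HTTP. The handler, the `exchange` helper, the `/login` path and the sample credentials are all made up for illustration.

```python
import socket
import socketserver
import threading
from http.server import BaseHTTPRequestHandler

class DemoHandler(BaseHTTPRequestHandler):
    """Constructed demo server: answers GET / and accepts a POST body."""
    def _reply(self, code, text):
        body = text.encode()
        self.send_response(code)                      # status line, e.g. "200 OK"
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def do_GET(self):
        if self.path == "/":
            self._reply(200, "hello")
        else:
            self._reply(404, "not found")

    def do_POST(self):
        self.rfile.read(int(self.headers.get("Content-Length", 0)))
        self._reply(200, "form received")

    def log_message(self, *args):                     # keep the demo quiet
        pass

def exchange(method, path, body=b""):
    """Send one request over loopback; return (wire_bytes, status, response_body)."""
    # Plain TCP listener on any free port; the handler speaks HTTP on top of it.
    server = socketserver.TCPServer(("127.0.0.1", 0), DemoHandler)
    worker = threading.Thread(target=server.handle_request, daemon=True)
    worker.start()
    request = (
        f"{method} {path} HTTP/1.1\r\nHost: localhost\r\n"
        f"Content-Length: {len(body)}\r\nConnection: close\r\n\r\n"
    ).encode() + body
    with socket.create_connection(server.server_address) as sock:
        sock.sendall(request)
        raw = b""
        while chunk := sock.recv(4096):               # read until the server closes
            raw += chunk
    worker.join()
    server.server_close()
    head, _, response_body = raw.partition(b"\r\n\r\n")
    status = int(head.split(b" ", 2)[1])              # "HTTP/1.0 200 OK" -> 200
    return request, status, response_body

if __name__ == "__main__":
    wire, status, _ = exchange("POST", "/login", b"user=alice&password=hunter2")
    print(status, wire.decode(), sep="\n")
```

The printed request contains the form fields verbatim, which is what any device on the network path would also see.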

HTTP Methods and Their Use Cases

HTTP methods, also known as HTTP verbs, define the actions to be performed on a given resource. Here are some common HTTP methods and their use cases:

GET - Retrieve Data

  • The GET method requests the representation of a specified resource. It is used to get data from specific resources.

  • Use case: GET requests are used when searching for information, fetching web pages, or loading images, videos, or data in the browser.

POST - Send Data to Server

  • The POST method is used to submit data to a server for processing or storage. The data is sent in the request body. POST is useful for sending large amounts of data or sensitive information, because the data is not placed in the URL; over plain HTTP, however, the body is still transmitted unencrypted.

  • Use case: Send data to the server to create a new resource. Example: submitting a form or adding a new record to a database.

PUT - Update Existing Data

  • The PUT method is used to update or replace a resource at the specified URL on the server. PUT also creates a new resource if the requested resource doesn’t exist.

  • Use case: Used for tasks like updating a profile or overwriting a file.

DELETE - Remove Data

  • The DELETE method request is used when we have to remove a particular resource at the specified URL.

  • Use case: Used when we perform actions like deleting an account or canceling a subscription.

What is HTTPS?

HTTPS (HyperText Transfer Protocol Secure) is the secure version of HTTP, adding a layer of encryption to protect data during transmission. It employs SSL (Secure Sockets Layer) or its successor, TLS (Transport Layer Security), to encrypt the data exchanged between the client and the server. We will learn about SSL/TLS later in this article.

Key Features of HTTPS:

  1. Encryption: HTTPS encrypts all message contents, including the HTTP headers and the request/response data, making them unreadable to anyone who intercepts the transmission. This ensures confidentiality and integrity.

  2. Authentication: HTTPS uses digital certificates to verify the identity of the server, ensuring that clients are communicating with legitimate servers. This verification requires a trusted third party to sign server-side digital certificates.

  3. Data Integrity: HTTPS ensures that the data sent and received has not been altered during transmission, protecting against data tampering.

How HTTPS Works:

  1. SSL/TLS Handshake: The client and server perform an SSL/TLS handshake to establish a secure connection. During this process, they agree on encryption algorithms and exchange digital certificates.

  2. Client Request: Once the secure connection is established, the client sends an encrypted HTTP request.

  3. Server Response: The server processes the request and responds with the encrypted data, ensuring that only the client can decrypt and read the response.

Evolution of HTTP

HTTP was developed by Tim Berners-Lee and his team between 1989 and 1991, and it has been changing and upgrading ever since. In 1989, while working at CERN, Tim Berners-Lee proposed a hypertext system over the Internet, which later became known as the World Wide Web.

HTTP/0.9 – The One-Line Protocol

The initial version of HTTP, now referred to as HTTP/0.9, was extremely simple. It consisted of single-line requests using the GET method and responses that only included the requested file content. There were no headers, status codes, or error messages, making it suitable only for transmitting HTML files.

HTTP/1.0 – Building Extensibility

HTTP/0.9's limitations led to the development of HTTP/1.0, which brought substantial improvements. These included the introduction of versioning information in requests, status code lines in responses for enhanced error handling, HTTP headers for transmitting metadata, and the ability to send non-HTML documents using the Content-Type header.

HTTP/1.1 – The Standardized Protocol

Standardization efforts led to the release of HTTP/1.1. Its improvements included reusable connections to save time, pipelining to reduce latency, support for chunked responses, improved cache control mechanisms, content negotiation capabilities for language, encoding, and type, and the Host header to enable multiple domains on a single IP address.

HTTP/2 – A protocol for greater performance

The HTTP/2 protocol differs from HTTP/1.1 in a few ways:

  • It's a binary protocol rather than a text protocol. It can't be read and created manually. Despite this hurdle, it allows for the implementation of improved optimization techniques.

  • It's a multiplexed protocol. Parallel requests can be made over the same connection, removing the constraints of the HTTP/1.x protocol.

  • It compresses headers. As these are often similar among a set of requests, this removes the duplication and overhead of data transmitted.

HTTP Status Codes

HTTP status codes are a way for the server to communicate with the client about the outcome of an HTTP request. They are divided into five classes, each with a specific range and meaning.

Here are the categories and some common examples:

  1. Informational responses (100-199): These codes indicate that the request was received and understood and that the client should continue with the request or ignore it if it is already finished.

  2. Successful responses (200-299): These codes indicate that the request was successfully received, understood, and accepted.

  3. Redirection messages (300-399): These codes indicate that the client must take additional action to complete the request.

  4. Client error responses (400-499): These codes indicate that there was an error with the client's request.

  5. Server error responses (500-599): These codes indicate that the server failed to fulfill a valid request.

Commonly Used HTTP Codes

  1. 200 OK: The request was successful, and the server has sent back the requested data.

  2. 400 Bad Request: The request is invalid or malformed.

  3. 401 Unauthorized: Authentication is required to access the resource.

  4. 403 Forbidden: The server understands the request but refuses to authorize it.

  5. 500 Internal Server Error: The server encountered an error while processing the request.

The Role of SSL/TLS in Protecting Data Online

Secure Sockets Layer (SSL) is a communication protocol that creates a secure connection between two devices on a network. It’s important to establish trust and authenticate the other party before you share credentials or data over the internet.

However, SSL is an older technology that contains some security flaws. Transport Layer Security (TLS) is the upgraded version of SSL that fixes existing SSL vulnerabilities. TLS authenticates more efficiently and continues to support encrypted communication channels.

Let's break down their role in online security:

  • Confidentiality

SSL/TLS encrypts the data transmitted between the client and server, making it unreadable to anyone who intercepts the communication. This encryption ensures that sensitive information, such as personal details, credit card numbers, and login credentials, cannot be accessed by unauthorized parties.

  • Integrity

SSL/TLS protocols ensure that the data sent and received has not been tampered with during transmission. They use message authentication codes (MACs) to verify the integrity of the data, ensuring that it remains unchanged from its original form. If any alteration is detected, the connection is terminated.

  • Authentication

SSL/TLS uses digital certificates to authenticate the identity of the communicating parties. When a user connects to a secure website, the server presents its SSL/TLS certificate, which is verified by the client's browser against trusted certificate authorities (CAs). This verification ensures that the user is communicating with the intended server and not an imposter.
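The client-side checks described above, as an added example that is not part of the original article: Python's standard `ssl` module is used to build a verifying client context and to audit a context for settings that switch authentication off. The function names are hypothetical, and the TLS 1.2 floor is a choice made for this example rather than something the article specifies.

```python
import ssl

def hardened_client_context():
    """Client context that verifies the chain and hostname, TLS 1.2 or newer."""
    ctx = ssl.create_default_context()            # loads the system's trusted CAs
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # assumption: floor chosen for this example
    return ctx

def audit_context(ctx):
    """Return findings for settings that defeat authentication or allow old protocols."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("certificate chain is not verified against trusted CAs")
    if not ctx.check_hostname:
        findings.append("certificate is not checked against the requested hostname")
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("protocol versions older than TLS 1.2 are allowed")
    return findings

def weakened_context():
    """Constructed 'before' case: verification switched off to silence certificate errors."""
    ctx = hardened_client_context()
    ctx.check_hostname = False        # has to be disabled before CERT_NONE is accepted
    ctx.verify_mode = ssl.CERT_NONE   # any certificate, including an imposter's, passes
    return ctx

if __name__ == "__main__":
    print("hardened:", audit_context(hardened_client_context()))
    for finding in audit_context(weakened_context()):
        print("weakened:", finding)
```

With verification disabled the connection is still encrypted, but the client no longer knows which server it is encrypting to.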
