Http

Fundamental protocol for distributed, collaborative, hypermedia information systems on the World Wide Web

Overview and History

Definition

HTTP (Hypertext Transfer Protocol): application layer protocol facilitating communication between web clients and servers. Enables transfer of hypermedia documents such as HTML.

Historical Context

Invented by Tim Berners-Lee in 1989-1991. Initially HTTP/0.9, evolved through HTTP/1.0, HTTP/1.1, HTTP/2, and HTTP/3. Standardized by IETF in RFCs.

Purpose

Designed for distributed, collaborative, hypermedia information systems. Foundation of data communication for the World Wide Web.

Architecture and Operation

Client-Server Model

Client initiates requests; server processes and returns responses. Communication follows request-response paradigm over TCP/IP.

Connection Types

Initially connectionless (HTTP/0.9), then persistent connections introduced (HTTP/1.1) for efficiency. HTTP/2 multiplexes streams over a single connection.

Transport Layer

HTTP operates above TCP (Transmission Control Protocol), ensuring reliable delivery of messages.

HTTP Request Methods

GET

Retrieve resource identified by URI. Safe, idempotent, cacheable.

POST

Submit data to be processed to the server. Non-idempotent, used for form submissions, file uploads.

PUT and DELETE

PUT: replace resource at URI; DELETE: remove resource. Both idempotent.

HEAD and OPTIONS

HEAD: identical to GET but without response body. OPTIONS: discover communication options supported by the server.

TRACE and CONNECT

TRACE: diagnostic method echoing received request. CONNECT: establish tunnel, typically for SSL through proxies.

HTTP Status Codes

Classification

Grouped by first digit: 1xx informational, 2xx success, 3xx redirection, 4xx client error, 5xx server error.

Common Codes

200 OK, 301 Moved Permanently, 400 Bad Request, 401 Unauthorized, 403 Forbidden, 404 Not Found, 500 Internal Server Error.

Purpose

Communicate outcome of client request. Guide client on subsequent actions.

Status CodeMeaning
200OK - Request succeeded
404Not Found - Resource unavailable
500Internal Server Error - Server failure

HTTP Headers

Definition

Key-value pairs in request/response messages. Control message interpretation and handling.

General Headers

Apply to both request and response: Cache-Control, Connection, Date, Pragma.

Request Headers

Include Accept, Host, User-Agent, Authorization, Cookie.

Response Headers

Include Server, Set-Cookie, Location, Content-Type, Content-Length.

Entity Headers

Describe body content: Content-Encoding, Content-Language, Content-Length, Content-Type.

HTTP Message Format

Request Message

Consists of request line, headers, blank line, optional message body.

Response Message

Status line, headers, blank line, optional message body.

Request Line Structure

Method SP Request-URI SP HTTP-Version CRLF

Status Line Structure

HTTP-Version SP Status-Code SP Reason-Phrase CRLF

Example

GET /index.html HTTP/1.1Host: www.example.comUser-Agent: Mozilla/5.0<HTML content>

Statelessness and State Management

Stateless Protocol

Each HTTP request independent; no inherent session state preserved by server.

Implications

Simplifies server design; limits ability to track user interactions across requests.

State Management Techniques

Cookies, URL rewriting, hidden form fields, Web Storage API.

Cookies

Small data stored on client, sent with requests to maintain session state.

Session Tracking

Server associates client with session identifier via cookies or URL parameters.

Security Extensions (HTTPS)

HTTPS Definition

HTTP over TLS/SSL. Encrypts data exchanged, ensures confidentiality, integrity, authentication.

TLS Handshake

Establishes secure session keys prior to HTTP data transfer.

Certificate Authorities

Trusted third parties verify server identity with digital certificates.

Security Benefits

Protects against eavesdropping, man-in-the-middle attacks, data tampering.

Implementation

Uses port 443 by default; browser URL bar indicates secure connection.

Performance and Optimization

Persistent Connections

Reduce overhead by reusing TCP connections for multiple requests/responses.

Pipelining

Allow multiple HTTP requests to be sent without waiting for responses (limited use).

Compression

Use of Content-Encoding (gzip, deflate) to reduce payload size.

Caching

Headers control client and proxy caching to minimize redundant data transfer.

Content Delivery Networks (CDNs)

Distribute resources geographically to reduce latency and bandwidth usage.

HTTP/2 and HTTP/3 Enhancements

HTTP/2 Features

Multiplexing: multiple streams on single TCP connection. Header compression (HPACK).

Server Push

Server preemptively sends resources client likely needs, reducing round trips.

Binary Framing

Replaces textual format with binary for efficiency and parsing speed.

HTTP/3 Innovations

Uses QUIC transport over UDP for reduced latency, improved connection migration.

Impact on Web Performance

Faster page loads, improved resource utilization, better resilience to network changes.

Common Uses and Applications

Web Browsing

Primary protocol for fetching HTML pages, images, scripts, stylesheets.

APIs and Web Services

RESTful APIs use HTTP methods for CRUD operations on resources.

Content Delivery

Streaming media, downloading files, web application data exchange.

Proxy Servers and Gateways

Intermediate devices use HTTP for caching, filtering, load balancing.

Remote Procedure Calls (RPC)

HTTP as transport for protocols like SOAP enabling distributed computing.

Comparison with Other Protocols

FTP vs HTTP

FTP: file transfer protocol with stateful sessions. HTTP: stateless, focused on hypermedia.

HTTPS vs HTTP

HTTPS adds security layer; HTTP is plaintext.

WebSocket vs HTTP

WebSocket provides persistent, full-duplex communication; HTTP is request-response.

gRPC vs HTTP

gRPC uses HTTP/2 as transport; supports binary serialization and streaming.

REST vs SOAP

REST uses HTTP methods and URIs; SOAP relies on XML messaging over HTTP or other protocols.

ProtocolMain UseStateSecurity
HTTPWeb communicationStatelessOptional (HTTPS)
FTPFile transferStatefulLimited
WebSocketBidirectional communicationStatefulSupports TLS

References

  • Fielding, R., et al., "Hypertext Transfer Protocol -- HTTP/1.1," RFC 2616, IETF, 1999, pp. 1-94.
  • Belshe, M., Peon, R., Thomson, M., "Hypertext Transfer Protocol Version 2 (HTTP/2)," RFC 7540, IETF, 2015, pp. 1-83.
  • Langley, A., et al., "The QUIC Transport Protocol: Design and Internet-Scale Deployment," ACM SIGCOMM Computer Communication Review, vol. 47, no. 4, 2017, pp. 183-196.
  • Rescorla, E., "HTTP Over TLS," RFC 2818, IETF, 2000, pp. 1-16.
  • Fielding, R., "Architectural Styles and the Design of Network-based Software Architectures," PhD Dissertation, University of California, Irvine, 2000, pp. 1-160.