Open in app

Sign in

Write

Sign in

HTTP

Broken Code
6 min readAug 17, 2024

--

HTTP stands for HyperText Transfer Protocol. It is an application layer protocol which is used for communication between web clients (browsers) and web servers. HTTP uses TCP port number 80 for communicaton and all information is exchanged in clear text which makes it unsecure for usage.

Process:

  • A client sends HTTP request to the web server
  • Web server receives the request
  • The server processes the request
  • The server then returns HTTP response to the client
  • The client receives the response.

HTTPS: HTTPS (HyperText Transfer Protocol Secure) is the secure version of HTTP. The difference between the two protocols is that HTTPS uses TLS (SSL) to encrypt normal HTTP traffic. HTTPS not only stops people from seeing the data that is being transmitted and received, but also gives assurances that one is connected to the correct web server and not something impersonating it. HTTPS uses TCP port number 443.

In HTTP, URL begins with “http://” while in HTTPS, URL starts with “https://”

HTTP Methods:

There are 9 different HTTP verbs (methods). Each one has a different function. Some of the common HTTP methods are:

GET Request: This is used for getting information from a web server.

POST Request: This is used for submitting data to the web server and potentially creating new records each time the requested is submitted. POST method is not idempotent.

PUT Request: This is used for submitting data to a web server to update information (or create a new resource if not already present). When you send a PUT request, the server expects you to include all the information for the resource, even if you only want to update a small part of it. If you leave something out, that part of the resource will be erased or set to default.

DELETE Request: This is used for deleting information/records from a web server.

PATCH Request: It is used to apply partial modifications to an existing resource. With PATCH, you only include the fields you want to update. The rest of the resource remains unchanged.

The difference between the PUT and PATCH methods is that PUT sends data to update the entire resource, while PATCH sends partial data to update only specific parts of the resource without modifying the whole.

HEAD Request: It requests the headers of a resource without actually retrieving the resource’s body. It is same as get but without response body.

OPTIONS Request: It allows a client to inquire about the HTTP methods and other options (headers) supported by a server for a particular resource. It is often employed as a preflight mechanism to check the capabilities of a server before actually sending a request.

Safe Method: 
A method is called as safe if the request does not change the state of the server. 
When a client sends a safe request, it expects that the server will not change any data and will only provide information.
Get, Head and OPTIONS Methods are considered as safe.

Idempotent Operation: 
Idempotent Operation is an operation that can be repeated multiple times with the same effect as if it had been performed only once. 
In other words, making the same request multiple times should have the same result as making it once.
Get, Head, OPTIONS, Put, Patch, and Delete Methods are considered as idempotent.

HTTP Status Codes:

100–199 (Informational Responses): These are sent to tell the client the first part of their request has been accepted and they should continue sending the rest of their request. These codes are no longer very common.

200–299 (Success responses): This range of status codes is used to tell the client their request was successful.

300–399 (Redirection responses): These are used to redirect the client’s request to another resource. This can be either to a different webpage or a different website altogether.

400–499 (Client Errors): Used to inform the client that there was an error with their request.

500–599 (Server Errors): Indicates a problem with the server handling the request.

HTTP Headers:

Although no header is strictly required when making a HTTP request but you may find it difficult to view a website properly if some header is missing.

Request Headers:

These are headers that are sent from the client (usually your browser) to the server. Some of the common Request headers are:

Host: Some web servers host multiple websites so by providing the host headers you can tell it which one you require, otherwise you’ll just receive the default website for the server.

User-Agent: This is your browser software and version number, telling the web server about your browser software helps the server in formatting the website properly for the browser and also some elements of HTML, JavaScript and CSS are only available in certain browsers.

Accept-Encoding: Tells the web server what types of compression methods the browser supports so the data can be made smaller for transmitting over the internet.

Accept-Language: Accept-Language header tells the server about all the languages that the client can understand.

Cookie: “The ‘Cookie’ header contains cookies that were previously sent by the server to the client using the ‘Set-Cookie’ header. The client sends these stored cookies back to the server with each request, allowing the server to associate the request to a specific user or session.

Content-Length: When sending data to a web server, the content length tells the web server how much data to expect in the web request. This way the server can ensure it isn’t missing any data. Basically Content-Length is the number of bytes of data in the body of the request or response.

Response Headers:

These are the headers that are returned to the client from the server after a request. Some of the common Response headers are:

Set-Cookie: The Set-Cookie header instructs the client to store a cookie with the specified name, value, and additional attributes, such as expiration, domain, path, and security flags. The client will then include the cookie in subsequent requests in order to facilitate stateful communication and personalized experiences.

Cache-Control: How long to store the content of the response in the browser’s cache before it requests it again. For example, Cache-Control: max-age=3600, public instructs the client to cache the response for a maximum of 3600 seconds (1 hour) and allows caching by public caches.

Content-Type: This tells the client what type of data is being returned, i.e., HTML, CSS, JavaScript, Images, PDF, Video, etc. Using the content-type header, the browser then knows how to process the data.

Content-Encoding: The method used to compress the data to make it smaller when sending it over the internet.

Https
Http Request
Http Methods
Http Status Code
Networking

--

--

Broken Code

Written by Broken Code

14 Followers

Network Security Engineer

Help

Status

About

Careers

Press

Blog

Privacy

Terms

Text to speech

Teams