Hypertext Transfer Protocol (HTTP)

The Hypertext Transfer Protocol (HTTP) is an application protocol for distributed, collaborative, and hypermedia information systems. HTTP is the foundation of data communication for the World Wide Web.1

Communication between a host and a client occurs via a request/response pair. The client initiates an HTTP request message, which is serviced through an HTTP response message in return.2

  • Web Application Security: Web application security is a branch of information security that deals specifically with the security of websites, web applications, and web services.
  • Cookie: An HTTP cookie (web cookie, browser cookie) is a small piece of data that a server sends to the user's web browser.

An HTTP cookie (web cookie, browser cookie) is a small piece of data that a server sends to the user's web browser. The browser may store it and send it back with later requests to the same server. Typically, it's used to tell if two requests came from the same browser — keeping a user logged in, for example. It remembers stateful information for the stateless HTTP protocol.

Request

Verbs

see: HTTP: The Protocol Every Web Developer Must Know - Part 1

  • GET: fetch an existing resource. The URL contains all the necessary information the server needs to locate and return the resource.
  • POST: create a new resource. POST requests usually carry a payload that specifies the data for the new resource.
  • PUT: update an existing resource. The payload may contain the updated data for the resource.
  • DELETE: delete an existing resource.

Response

Status Codes

see: HTTP: The Protocol Every Web Developer Must Know - Part 1

  • 2xx: Successful: This tells the client that the request was successfully processed.
  • 3xx: Redirection: This requires the client to take additional action. The most common use-case is to jump to a different URL in order to fetch the resource.
  • 4xx: Client Error: These codes are used when the server thinks that the client is at fault, either by requesting an invalid resource or making a bad request.
  • 5xx: Server Error: This class of codes is used to indicate a server failure while processing the request.
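
The request/response pair, the verbs and status classes listed above, and the cookie round trip described earlier can all be seen in one exchange. The following is an added example, not part of the original page: the host `example.test`, the paths and the cookie value are constructed, and the jar ignores the cookie attributes (Path, expiry) that a browser would enforce.

```python
# Constructed login response; the cookie value and paths are sample data.
RESPONSE_LOGIN = (
    "HTTP/1.1 302 Found\r\n"
    "Location: /account\r\n"
    "Set-Cookie: session=abc123; Path=/; HttpOnly\r\n"
    "\r\n"
)
STATUS_CLASSES = {2: "Successful", 3: "Redirection", 4: "Client Error", 5: "Server Error"}

def parse_head(raw):
    """Return the start line and (lower-cased name, value) header pairs."""
    head = raw.split("\r\n\r\n", 1)[0]
    start_line, *field_lines = head.split("\r\n")
    return start_line, [(n.strip().lower(), v.strip())
                        for n, _, v in (l.partition(":") for l in field_lines)]

def status_class(raw_response):
    """Map the status code to the class named by its first digit."""
    start_line, _ = parse_head(raw_response)
    _version, code, *_reason = start_line.split(" ", 2)
    return int(code), STATUS_CLASSES.get(int(code) // 100, "Other")

def store_cookies(raw_response, jar):
    """Keep name=value from each Set-Cookie field. Simplification: the
    attributes after ';' (Path, HttpOnly, expiry) are not enforced."""
    for name, value in parse_head(raw_response)[1]:
        if name == "set-cookie":
            key, _, val = value.split(";", 1)[0].partition("=")
            jar[key.strip()] = val.strip()
    return jar

def build_request(method, target, host, jar, body=""):
    """Serialize a request, attaching every stored cookie."""
    lines = [f"{method} {target} HTTP/1.1", f"Host: {host}"]
    if jar:
        lines.append("Cookie: " + "; ".join(f"{k}={v}" for k, v in jar.items()))
    if body:
        lines.append(f"Content-Length: {len(body.encode())}")
    return "\r\n".join(lines) + "\r\n\r\n" + body

def exchange(host="example.test"):
    """POST without state, read the response, then GET with the cookie."""
    jar = {}
    first = build_request("POST", "/login", host, jar, "user=alice")
    store_cookies(RESPONSE_LOGIN, jar)
    second = build_request("GET", "/account", host, jar)
    return first, status_class(RESPONSE_LOGIN), second

print(exchange()[2])  # the follow-up GET, now carrying the session cookie
```

The second request is tied to the first only by the `Cookie` header, so anyone who obtains that value can present the same session to the server.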


1 Hypertext Transfer Protocol. (2017, February 18). In Wikipedia, The Free Encyclopedia. Retrieved 06:12, February 19, 2017, from https://en.wikipedia.org/w/index.php?title=Hypertext_Transfer_Protocol&oldid=766121951
2 HTTP: The Protocol Every Web Developer Must Know - Part 1

Request for Comments

A Request for Comments (RFC) is a type of publication from the Internet Engineering Task Force (IETF) and the Internet Society (ISOC), the principal technical development and standards-setting bodies for the Internet.1

  • Hypertext Transfer Protocol (HTTP/1.1): Message Syntax and Routing - The Hypertext Transfer Protocol (HTTP) is a stateless application-level protocol for distributed, collaborative, hypertext information systems. This document provides an overview of HTTP architecture and its associated terminology, defines the "http" and "https" Uniform Resource Identifier (URI) schemes, defines the HTTP/1.1 message syntax and parsing requirements, and describes related security concerns for implementations.
  • Hypertext Transfer Protocol (HTTP/1.1): Semantics and Content - The Hypertext Transfer Protocol (HTTP) is a stateless application-level protocol for distributed, collaborative, hypertext information systems. This document defines the semantics of HTTP/1.1 messages, as expressed by request methods, request header fields, response status codes, and response header fields, along with the payload of messages (metadata and body content) and mechanisms for content negotiation.
  • Hypertext Transfer Protocol (HTTP/1.1): Conditional Requests - The Hypertext Transfer Protocol (HTTP) is a stateless application-level protocol for distributed, collaborative, hypertext information systems. This document defines HTTP/1.1 conditional requests, including metadata header fields for indicating state changes, request header fields for making preconditions on such state, and rules for constructing the responses to a conditional request when one or more preconditions evaluate to false.
  • Hypertext Transfer Protocol (HTTP/1.1): Range Requests - The Hypertext Transfer Protocol (HTTP) is a stateless application-level protocol for distributed, collaborative, hypertext information systems. This document defines range requests and the rules for constructing and combining responses to those requests.
  • Hypertext Transfer Protocol (HTTP/1.1): Caching - The Hypertext Transfer Protocol (HTTP) is a stateless application-level protocol for distributed, collaborative, hypertext information systems. This document defines HTTP caches and the associated header fields that control cache behavior or indicate cacheable response messages.
  • Hypertext Transfer Protocol (HTTP/1.1): Authentication - The Hypertext Transfer Protocol (HTTP) is a stateless application-level protocol for distributed, collaborative, hypermedia information systems. This document defines the HTTP Authentication framework.
  • Initial Hypertext Transfer Protocol (HTTP) Authentication Scheme Registrations - This document registers Hypertext Transfer Protocol (HTTP) authentication schemes that have been defined in RFCs before the IANA HTTP Authentication Scheme Registry was established.
  • Initial Hypertext Transfer Protocol (HTTP) Method Registrations - This document registers those Hypertext Transfer Protocol (HTTP) methods that have been defined in RFCs before the IANA HTTP Method Registry was established.
    • Upgrading to TLS Within HTTP/1.1 - This memo explains how to use the Upgrade mechanism in HTTP/1.1 to initiate Transport Layer Security (TLS) over an existing TCP connection. This allows unsecured and secured HTTP traffic to share the same well known port (in this case, http: at 80 rather than https: at 443). It also enables "virtual hosting", so a single HTTP + TLS server can disambiguate traffic intended for several hostnames at a single IP address.
    • HTTP Over TLS - This memo describes how to use TLS to secure HTTP connections over the Internet. Current practice is to layer HTTP over SSL (the predecessor to TLS), distinguishing secured traffic from insecure traffic by the use of a different server port. This document documents that practice using TLS. A companion document describes a method for using HTTP/TLS over the same port as normal HTTP {RFC2817}.
  • Hypertext Transfer Protocol — HTTP/1.1 - This document has been superseded. In 2014, RFC2616 was replaced by multiple RFCs (7230-7237).



Last edited by MichaelAlber.
Page last modified on Monday November 1, 2021 10:05:27 PDT.
