http
http
The Hypertext Transfer Protocol is an application layer protocol in the Internet protocol suite model for distributed, collaborative, hypermedia information systems. HTTP is the foundation of data communication for the World Wide Web, where hypertext documents include hyperlinks to other resources that the user can easily access, for example by a mouse click or by tapping the screen in a web browser.
Development of HTTP was initiated by Tim Berners-Lee at CERN in 1989 and summarized in a simple document describing the behavior of a client and a server using the first HTTP protocol version that was named 0.9. That first version of HTTP protocol soon evolved into a more elaborated version that was the first draft toward a far future version 1.0. Development of early HTTP Requests for Comments started a few years later and it was a coordinated effort by the Internet Engineering Task Force and the World Wide Web Consortium, with work later moving to the IETF. HTTP/1 was finalized and fully documented in 1996. It evolved in 1997 and then its specifications were updated in 1999 and in 2014. Its secure variant named HTTPS is used by more than 76% of websites. HTTP/2 is a more efficient expression of HTTP's semantics "on the wire", and was published in 2015; it is used by more than 45% of websites; it is now supported by almost all web browsers and major web servers over Transport Layer Security using an Application-Layer Protocol Negotiation extension where TLS 1.2 or newer is required. HTTP/3 is the proposed successor to HTTP/2; it is used by more than 20% of websites; it is now supported by many web browsers. HTTP/3 uses QUIC instead of TCP for the underlying transport protocol. Like HTTP/2, it does not obsolete previous major versions of the protocol. Support for HTTP/3 was added to Cloudflare and Google Chrome first, and is also enabled in Firefox. Technical overview HTTP functions as a request–response protocol in the client–server model. A web browser, for example, may be the client whereas a process, named web server, running on a computer hosting one or more websites may be the server. The client submits an HTTP request message to the server. The server, which provides resources such as HTML files and other content or performs other functions on behalf of the client, returns a response message to the client. The response contains completion status information about the request and may also contain requested content in its message body. A web browser is an example of a user agent. Other types of user agent include the indexing software used by search providers, voice browsers, mobile apps, and other software that accesses, consumes, or displays web content. HTTP is designed to permit intermediate network elements to improve or enable communications between clients and servers. High-traffic websites often benefit from web cache servers that deliver content on behalf of upstream servers to improve response time. Web browsers cache previously accessed web resources and reuse them, whenever possible, to reduce network traffic. HTTP proxy servers at private network boundaries can facilitate communication for clients without a globally routable address, by relaying messages with external servers. To allow intermediate HTTP nodes to accomplish their functions, some of the HTTP headers are managed hop-by-hop whereas other HTTP headers are managed end-to-end. HTTP is an application layer protocol designed within the framework of the Internet protocol suite. Its definition presumes an underlying and reliable transport layer protocol, thus Transmission Control Protocol is commonly used. However, HTTP can be adapted to use unreliable protocols such as the User Datagram Protocol, for example in HTTPU and Simple Service Discovery Protocol. HTTP resources are identified and located on the network by Uniform Resource Locators, using the Uniform Resource Identifiers schemes http and https. As defined in URIs are encoded as hyperlinks in HTML documents, so as to form interlinked hypertext documents. In HTTP/1.0 a separate connection to the same server is made for every resource request. In HTTP/1.1 instead a TCP connection can be reused to make multiple resource requests. HTTP/1.1 communications therefore experience less latency as the establishment of TCP connections presents considerable overhead, specially under high traffic conditions. HTTP/2 is a revision of previous HTTP/1.1 in order to maintain the same client-server model and the same protocol methods but with these differences in order: to use a compressed binary representation of metadata instead of a textual one, so that headers require much less space; to use a single TCP/IP connection per accessed server domain instead of 2 to 8 TCP/IP connections; to use one or more bidirectional streams per TCP/IP connection in which HTTP requests and responses are broken down and transmitted in small packets to almost solve the problem of the HOLB. to add a push capability to allow server application to send data to clients whenever new data is available. HTTP/2 communications therefore experience much less latency and, in most cases, even more speed than HTTP/1.1 communications. HTTP/3 is a revision of previous HTTP/2 in order to use QUIC + UDP transport protocols instead of TCP/IP connections also to slightly improve the average speed of communications and to avoid the occasional problem of TCP/IP connection congestion that can temporarily block or slow down the data flow of all its streams. History The term hypertext was coined by Ted Nelson in 1965 in the Xanadu Project, which was in turn inspired by Vannevar Bush's 1930s vision of the microfilm-based information retrieval and management "memex" system described in his 1945 essay "As We May Think". Tim Berners-Lee and his team at CERN are credited with inventing the original HTTP, along with HTML and the associated technology for a web server and a client user interface called web browser. Berners-Lee first proposed the "WorldWideWeb" project in 1989, now known as the World Wide Web. The first web server went live in 1990. The protocol used had only one method, namely GET, which would request a page from a server. The response from the server was always an HTML page. HTTP/1.0 W3C HTTP-NG Working Group IETF HTTP Working Group restarted HTTP/1.1 Final Update SPDY: an unofficial HTTP protocol developed by Google HTTP/2 HTTP/0.9 Deprecation Request and response messages through connections Data is exchanged through a sequence of request–response messages which are exchanged by a session layer transport connection. Persistent connections In HTTP/0.9, the TCP/IP connection is always closed after server response has been sent, so it is never persistent. In HTTP/1.0, as stated in RFC 1945, the TCP/IP connection should always be closed by server after a response has been sent. In HTTP/1.1 a keep-alive-mechanism was officially introduced so that a connection could be reused for more than one request/response. Such persistent connections reduce request latency perceptibly because the client does not need to re-negotiate the TCP 3-Way-Handshake connection after the first request has been sent. Another positive side effect is that, in general, the connection becomes faster with time due to TCP's slow-start-mechanism. HTTP/1.1 added also HTTP pipelining in order to further reduce lag time when using persistent connections by allowing clients to send multiple requests before waiting for each response. This optimization was never considered really safe because a few web servers and many proxy servers, specially transparent proxy servers placed in Internet / Intranets between clients and servers, did not handled pipelined requests properly. Besides this only HEAD and some GET requests could be pipelined in a safe and idempotent mode. After many years of struggling with the problems introduced by enabling pipelining, this feature was first disabled and then removed from most browsers also because of the announced adoption of HTTP/2. HTTP/2 extended the usage of persistent connections by multiplexing many concurrent requests/responses through a single TCP/IP connection. HTTP/3 does not use TCP/IP connections but QUIC + UDP. Content retrieval optimizations HTTP/0.9 HTTP/1.0 HTTP/1.1 HTTP/2, HTTP/3 HTTP authentication HTTP provides multiple authentication schemes such as basic access authentication and digest access authentication which operate via a challenge–response mechanism whereby the server identifies and issues a challenge before serving the requested content. HTTP provides a general framework for access control and authentication, via an extensible set of challenge–response authentication schemes, which can be used by a server to challenge a client request and by a client to provide authentication information. Above mechanism belong to HTTP protocol and it is managed by client and server HTTP software, not by web application that usually use a web application session. Authentication realms The HTTP Authentication specification also provides an arbitrary, implementation-specific construct for further dividing resources common to a given root URI. The realm value string, if present, is combined with the canonical root URI to form the protection space component of the challenge. This in effect allows the server to define separate authentication scopes under one root URI. a request line, consisting of the case-sensitive request method, a space, the requested URL, another space, the protocol version, a carriage return, and a line feed, e.g.: GET /images/logo.png HTTP/1.1 zero or more request header fields, each consisting of the case-insensitive field name, a colon, optional leading whitespace, the field value, an optional trailing whitespace and ending with a carriage return and a line feed, e.g.: Host: www.example.com Accept-Language: en an empty line, consisting of a carriage return and a line feed; an optional messa…
