A brief idea about HTTP and HTTPS

What is HTTP?

HTTP stands for Hypertext Transfer Protocol. It handles communication between web clients and servers: the client sends HTTP requests and receives HTTP responses. Loading pages, submitting forms and making Ajax calls all go over HTTP. It is stateless, which means every request is independent (e.g. if you load a page and then visit another page, the protocol itself won't remember the earlier transaction).

What is HTTPS?

HTTPS stands for Hypertext Transfer Protocol Secure. It is a protocol that secures communication and data transfer between a user's web browser and a website. HTTPS is the secure version of HTTP. The protocol protects users against eavesdroppers and man-in-the-middle (MitM) attacks by encrypting the data using SSL or TLS, which relies on a certificate issued by a third-party organization (e.g. GoDaddy).

What is SSL?

An SSL certificate is a digital certificate installed on your web server that provides security for online communications. When a web browser contacts your secured website, the SSL certificate enables an encrypted connection.

What is TLS?

Transport Layer Security (TLS) encrypts data sent over the Internet so that eavesdroppers and hackers are unable to see what you transmit. This is particularly useful for private and sensitive information such as passwords, credit card numbers, and personal correspondence. TLS is the successor protocol to SSL and an improved version of it.

Basic Methods of HTTPS:

  • GET: Retrieves/Gets data from a server

  • POST: Submits/Posts data to a server

  • PUT: Updates data already available on a server

  • DELETE: Deletes data from a server

HTTP Header Fields:

An HTTP header is a field of an HTTP request or response that passes additional context and metadata about the request or response.

HTTP Header Fields (Reference: Envato Tuts+)

General:

  • Request URL

  • Request Method

  • Status Code

  • Remote Address: The IP of the remote computer

  • Referrer Policy: The norm/policy that governs the transfer of data from one page to another

Response:

  • Server: Apache, Nginx

  • Set-Cookie: Allows servers to send small bits of data (cookies) from server to client

  • Content-Type: The type of content returned (e.g. .html, .css, .js)

  • Content-Length

  • Date

Request:

  • Cookie

  • Accept-xxx

  • Content-Type

  • Content-Length

  • Authorization

  • User-Agent: A long string that is associated with the user's browser

  • Referer

HTTP Status Codes

  • 1xx: Informational: request received/processing

  • 2xx: Success: Successfully received, understood and accepted

  • 3xx: Redirect: Further action must be taken/redirected

  • 4xx: Client Error: Request does not have what it needs

  • 5xx: Server Error: The server failed to fulfil an apparently valid request
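
To tie the header fields and status code classes above together, here is an added example (not part of the original article) that parses a raw HTTP response, maps its status code to one of the five classes, and collects repeated Set-Cookie headers. It goes a little beyond the text by flagging cookies that lack the Secure and HttpOnly attributes, which the article does not cover; the sample response, cookie names and function names are all constructed for illustration.

```python
# Added example: parse a raw HTTP response and review it. All sample data is constructed.
STATUS_CLASSES = {1: "Informational", 2: "Success", 3: "Redirect",
                  4: "Client Error", 5: "Server Error"}

# Constructed sample response; the host and cookie values are made up.
SAMPLE_RESPONSE = (
    "HTTP/1.1 302 Found\r\n"
    "Server: Apache\r\n"
    "Date: Mon, 01 Jan 2024 00:00:00 GMT\r\n"
    "Location: https://example.test/home\r\n"
    "Set-Cookie: session=abc123; Path=/; Secure; HttpOnly\r\n"
    "Set-Cookie: theme=dark; Path=/\r\n"
    "Content-Type: text/html\r\n"
    "Content-Length: 0\r\n"
    "\r\n"
)

def parse_response(raw):
    """Split a raw response into (status_code, headers, body)."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    parts = lines[0].split(" ", 2)  # version, code, optional reason phrase
    if len(parts) < 2 or not parts[0].startswith("HTTP/"):
        raise ValueError("not an HTTP status line")
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if not sep:
            raise ValueError("malformed header line: %r" % line)
        # Header names are case-insensitive; Set-Cookie may repeat, so keep lists.
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return int(parts[1]), headers, body

def status_class(code):
    """Map a status code to its 1xx-5xx class."""
    return STATUS_CLASSES.get(code // 100, "Unknown")

def weak_cookies(headers):
    """Return {cookie_name: [missing attributes]} for cookies lacking Secure/HttpOnly."""
    findings = {}
    for cookie in headers.get("set-cookie", []):
        parts = [p.strip() for p in cookie.split(";")]
        attrs = {p.split("=", 1)[0].lower() for p in parts[1:]}
        missing = [a for a in ("Secure", "HttpOnly") if a.lower() not in attrs]
        if missing:
            findings[parts[0].split("=", 1)[0]] = missing
    return findings

if __name__ == "__main__":
    code, headers, _ = parse_response(SAMPLE_RESPONSE)
    print(code, status_class(code), weak_cookies(headers))
```

A cookie without Secure can be sent over plain HTTP, and one without HttpOnly can be read by page scripts, so session cookies on an HTTPS site should normally carry both.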