Hypertext Transfer Protocol
Template:IPstack HyperText Transfer Protocol (HTTP) is the primary method used to convey information on the World Wide Web. The original purpose was to provide a way to publish and receive HTML pages.
Development of HTTP was co-ordinated by the World Wide Web Consortium and working groups of the Internet Engineering Task Force, culminating in the publication of a series of RFCs, most notably RFC 2616, which defines HTTP/1.1, the version of HTTP in common use today.
HTTP is a request/response protocol between clients and servers. An HTTP client, such as a web browser, typically initiates a request by establishing a Transmission Control Protocol (TCP) connection to a particular port on a remote host (port 80 by default; see List of well-known ports (computing)). An HTTP server listening on that port waits for the client to send a request string, such as "GET / HTTP/1.1" (which would request the default page of that web server), followed by an email-like MIME message which has a number of informational header strings that describe aspects of the request, followed by an optional body of arbitrary data. Some headers are optional, while others (such as Host) are required by the HTTP/1.1 protocol. Upon receiving the request, the server sends back a response string, such as "200 OK", and a message of its own, the body of which is perhaps the requested file, an error message, or some other information.
HTTP defines eight methods indicating the desired action to be performed on the identified resource.
- GET – Requests a representation of the specified resource. By far the most common method used on the Web today.
- HEAD – Asks for the response identical to the one that would correspond to a GET request, but without the response body. This is useful for retrieving meta-information written in response headers, without having to transport the entire content.
- POST – Submits user data (e.g. from a HTML form) to the identified resource. The data is included in the body of the request.
- PUT – Uploads a representation of the specified resource.
- DELETE – Deletes the specified resource (rarely implemented).
- TRACE – Echoes back the received request, so that a client can see what intermediate servers are adding or changing in the request.
- OPTIONS – Returns the HTTP methods that the server supports. This can be used to check the functionality of a web server.
- CONNECT – For use with a proxy that can change to being an SSL tunnel.
Methods GET and HEAD are defined as safe, i.e. intended only for information retrieval. Unsafe methods (such as POST, PUT and DELETE) should be displayed to the user in a special way (e.g. as buttons rather than links), making the user aware of possible side effect of their actions (e.g. financial transaction).
Methods GET, HEAD, PUT and DELETE are defined to be idempotent, meaning that multiple identical requests have the same effect as a single request. Also, the methods OPTIONS and TRACE should not have side effects, and so are inherently idempotent.
HTTP servers are supposed to implement at least GET and HEAD methods and, whenever possible, also OPTIONS method.
HTTP differs from other TCP-based protocols such as FTP, because HTTP has different protocol versions:
- 0.9 Deprecated. Was never widely used. Only supports one command, GET. Does not support headers. Since this version does not support POST the client can't pass much information to the server.
- HTTP/1.0 Still in wide use, especially by proxy servers. Allows persistent connections (alias keep-alive connections, more than one request-response per TCP/IP connection) when explicitly negotiated, but only works well when not using proxy servers.
- HTTP/1.1 Current version; persistent connections enabled by default and works well with proxies. Also supports request pipelining, allowing multiple requests to be sent at the same time, allowing the server to prepare for the workload and potentially transfer the requested resources more quickly to the client.
HTTP connection persistence
In HTTP/0.9 and HTTP/1.0, a client sends a request to the server, the server sends a response back to the client. After this, the connection is closed. HTTP/1.1, however, supports persistent connections. This enables the client to send a request and get a response, and then send additional requests and get additional responses. The TCP connection is not released for the multiple additional requests, so the relative overhead due to TCP is much less per request. The use of persistent connection is often called keep alive. It is also possible to send more than one (usually between two and five) request before getting responses from previous requests. This is called pipelining.
There is a HTTP/1.0 extension for connection persistence, but its utility is limited due to HTTP/1.0's lack of unambiguous message delimition rules. This extension uses a header called
Keep-Alive, while the HTTP/1.1 connection persistence uses the
Connection header. Therefore a HTTP/1.1 may choose to support either just HTTP/1.1 connection persistence, or both HTTP/1.0 and HTTP/1.1 connection persistence. Some HTTP/1.1 clients and servers do not implement connection persistence or have it disabled in their configuration.
HTTP connection closing
Both HTTP servers and clients are allowed to close TCP/IP connections at any time (i.e. depending on their settings, their load, etc.). This feature makes HTTP ideal for the World Wide Web, where pages regularly link to many other pages on the same server or to external servers.
Closing an HTTP/1.1 connection can be a much longer operation (from 200 milliseconds up to several seconds) than closing an HTTP/1.0 connection, because the first usually needs a linger close while the second can be immediately closed as soon as the entire first request has been read and the full response has been sent.
HTTP session state
See main article: https: URI scheme
https: is a URI scheme syntactically identical to the http: scheme used for normal HTTP connections, but which signals the browser to use an added encryption layer of SSL/TLS to protect the traffic. SSL is especially suited for HTTP since it can provide some protection even if only one side to the communication is authenticated. In the case of HTTP transactions over the Internet, typically only the server side is authenticated.
Below is a sample conversation between an HTTP client and an HTTP server running on www.example.com, port 80.
GET /index.html HTTP/1.1 Host: www.example.com
Server response (followed by a blank line and text of the requested page):
HTTP/1.1 200 OK Date: Mon, 23 May 2005 22:38:34 GMT Server: Apache/1.3.27 (Unix) (Red-Hat/Linux) Last-Modified: Wed, 08 Jan 2003 23:11:55 GMT Etag: "3f80f-1b6-3e1cb03b" Accept-Ranges: bytes Content-Length: 438 Connection: close Content-Type: text/html; charset=UTF-8
- List of HTTP status codes
- 404 error
- Uniform resource locator
- Basic authentication scheme
- Digest access authentication
- Captive portal
- HTTP proxy
- Content negotiation
Specifications and references
- HTTP/1.0 specification (May 1996) as plain text: RFC 1945
- HTTP/1.1 specification (June 1999) as plain text: RFC 2616; also as HTML, as PostScript, and as PDF;
- HTTP/1.1 specification errata
- Tim Berners-Lee's original 1992 Internet-Draft
- HTTP Sequence Diagram (PDF)
Tutorials and tools
- HTTP Made Really Easy
- HTTP header viewer
- HTTP Header Check - Bookmarklet
- View HTTP Request and Response Header
- Command-line HTTP clients: cURL, Wget, Snarf, fetch
- HTTP Request Smuggling (PDF)
- HTTP compression
- Live HTTP Headers Extension for Firefoxar:HTTP
ca:Protocol de transferència d'hipertext cs:HTTP da:HTTP de:Hypertext Transfer Protocol et:Hypertext Transfer Protocol es:Hypertext Transfer Protocol eo:Hiperteksto-Transiga Protokolo fr:Hypertext Transfer Protocol ko:HTTP id:HTTP it:HTTP he:HTTP lv:HTTP lt:HTTP hu:HTTP nl:Hypertext Transfer Protocol ja:Hypertext Transfer Protocol no:HTTP nn:Hypertext Transfer Protocol pl:HTTP pt:Protocolo de Transferência de Hipertexto ro:HTTP ru:HTTP sk:Hypertext Transfer Protocol sl:HTTP fi:HTTP sv:HTTP tl:HTTP th:HyperText Transfer Protocol tr:HTTP zh:超文本传输协议