HTTP - AN OVERVIEW

Sunil Ramaswamy

PREVIEW

What is HTTP

HTTP 1.1 vs. HTTP 1.0

Request/Response formats

Request/Response headers

HTTP methods

HTTP Status Codes

What is HTTPS

WHAT IS HTTP

Application layer Protocol used by the World Wide Web

Carries content and instructions to Web servers and browsers

Generally uses port number 80

Operates in Request - Response model, without state persistence

HTTP has evolved from version 0.9 to 1.0 to 1.1

Permits intermediate network elements to deliver content on behalf of upstream

servers

Web browsers cache previously accessed web resources and reuse them

HTTP 1.1 VS. HTTP 1.0

(PERSISTENT CONNECTIONS)

HTTP/ 1.1 allows persistent connections

More than one request/response transactions can be made on the same

connection.

One TCP connection is maintained for a batch of http transactions

CPU time is saved in routers and hosts

Latency due to TCP's connection opening handshake is reduced

Persistent connections are the default behaviour of 1.1 HTTP connection.

Client/Server signals the close of a TCP connection using the Connection header
field.

REQUEST FORMAT

RESPONSE FORMAT

HTTP METHODS
Method

Description

GET

Retrieve a resource

PUT

Store a resource

DELETE

Remove a resource

POST

Update a resource

HEAD

Retrieve the headers for a resource

HTTP STATUS CODE

CLASSIFICATION
Range

Category

100-199

Informational

200-299

Successful

300-399

Redirection

400-499

Client Error

500-599

Server Error

HTTP STATUS CODES

Code

Reason

Description

200

OK

The status code everyone wants to see. A 200 code in the response means everything
worked!

301

Moved Permanently

The resource has moved to the URL specified in theLocation header and the client never
needs to check this URL again.
We saw an example of this earlier when we used Telnet and the server redirected us
from www.odetocode.com toodetocode.com to give search engines a canonical URL.
The resource has moved to the URL specified in theLocation header. In the future, the
client can still request the URL because it's a temporary move.

302

Moved Temporarily

304

Not Modified

This is the server telling the client that the resource hasn't changed since the last time the
client retrieved the resource, so it can just use a locally cached copy.

400

Bad Request

The server could not understand the request. The request probably used incorrect syntax.

403

Forbidden

The server refused access to the resource.

404

Not Found

A popular code meaning the resource was not found.

500

Internal Server Error

The server encountered an error in processing the request. Commonly happens because
of programming errors in a web application.

503

Service Unavailable

The server will currently not service the request. This status code can appear when a server
is throttling requests because it is under heavy load.

This type of response code is typically used after a POSToperation to move a client to a
resource it can retrieve with GET (the POST/Redirect/GET pattern we talked about earlier).

HTTP REQUEST HEADERS

Header

Description

Host

The domain name the browser is looking for

User-Agent

Browser, OS name and version, Default language.

Accept-Language

Preferred language of client

Accept-Encoding

Accepted compression format

If-Modified-Since

Server to decide if the cached version is fresh

Cookie

Set of Key Value pairs, for client identification

Referer

Originating document url

Authorization

Base 64 encoded login credentials

HTTP RESPONSE HEADERS

Header

Description

Cache Control

Sets cache duration; disable caching

Content-Type

Defines "mime-type" of the document

Content-Disposition

Instructs browser to download as file

Content-Length

Size of content

Location

Redirection url

Set-Cookie

Writes a cookie

WWW-Authenticate

Requests log-on credentials

Content-Encoding

Compression format

WHAT IS HTTPS

HTTPS URLs begin with "https://" and use port 443 by default

HTTP is layered on top of the SSL/TLS protocol, thus securing the complete HTTP
payload

This includes the request URL, query parameters, headers, and cookies

HTTPS provides bidirectional encryption of the HTTP payload, thus preventing

wiretapping and man-in-the-middle attacks.

Provides reasonable guarantee that one is communicating with intended server and
the contents are not read/tampered in transit

THANK YOU