What is HTTP?
So far we have learned that when we navigate the internet, browsers make requests to a web server and the servers send back a response. Today we are going to learn how these requests and responses are transmitted.
Have you noticed that web addresses (also called URLs) often begin with “http://” or “https://”?
Use the buttons below to navigate through the lesson
This first part of a URL (URL stands for Universal Resource Locator) tells the browser how to communicate with the web server. This is almost always HTTP, so often the “http://” part of the address is left out. This is why you can just type “www.google.com” to get to the Google homepage: your browser assumes if you don’t say otherwise you want to use HTTP.
But what is HTTP?
HTTP stands for HyperText Transfer Protocol. This is an agreed standard which defines a way for computers to talk over the internet.
For our purposes we don’t need to understand the underlying details of exactly how the protocol defines computers can talk. We can think of it like a language that both our browser and the web server speak so they can understand each other when they make requests/responses.
It is also important for us to understand that there are different types of request in HTTP. These are defined by having different verbs.
So our browser makes a request using a particular verb and the server responds appropriately depending on the verb.
There are more than 20 HTTP verbs defined, but the most common are GET, POST, PUT, DELETE and HEAD. Of these, by far the most important are GET and POST.
When your browser navigates to a new webpage it sends a GET request to the URL you have typed. Sending a GET request asksW the server for some particular data that is located at the address you have supplied.
Here is a fake URL as an example: http://www.myfakeblog.com/category/this-is-my-post
When we type this into our browser, the browser makes a GET request to the webserver located at www.myfakeblog.com. The browser uses GET as a default in this case.
The server looks at the extra address information: /category/this-is-my-post and uses this to find the exact page that the browser is requesting.
This is a common pattern for a GET request.
POST requests usually mean the browser is sending data to the server, for example login details or other requests that require data from the browser to formulate the correct response. These POST requests are usually used for requests that change the state of the web page.
What is HTTPS?
HTTPS stands for HyperText Transfer Protocol Secure. This is an encrypted form of HTTP.
When we send a request it doesn’t go immediately to the server. Because the internet is a connected network of computers each request passes through many computers before arriving at the server, then the response comes back via the same route.
Since HTTP is unencrypted that means that all of the computers between your browser and the website can read all of the data you are sending back and forth!
You can use a utility called tracert to see how many computers are between your browser and the website you are accessing.
Try this experiment:
On windows, press your Windows key:
Then type “cmd” and press Enter. This brings up a command prompt, which looks similar to this:
Now type “tracert google.com” and press Enter. This shows you the number of computers (hops) between your computer and google.com. You can try this with other websites too by replacing the website name “google.com” with whatever web address you like.
You can see that many computers are between you and every website – because the internet is a connected network. Using HTTP each of those computers can read the traffic that passes through them.
To solve this problem an encrypted form of HTTP was developed, called HTTPS. This encrypts the data so only your browser and the web server can read it, using a technology called SSL (Secure Socket Layers). HTTPS is used for secure transactions such as financial information, private information, and login on most websites.
You should always look for the HTTPS symbol when using websites where security is important. On many browsers this appears as a padlock:
If we build a secure website we need to ensure it supports HTTPS for any private transactions.