What is HTTP?

What is httpSo far we have learned that when we navigate the internet, browsers make requests to a web server and the servers send back a response. Today we are going to learn how these requests and responses are transmitted.
Have you noticed that web addresses (also called URLs) often begin with “http://” or “https://”?

Use the buttons below to navigate through the lesson

img0
img1
img2
img3
img4
img5
img6
img7
img8
img9
img10
img11
img12
img13
img14
img15
img16
img17
img18
img19
img20
img21
img22
img23
img24
img25
img26
img27
img28
img29
img30
img31
img32
img33
img34
img35
img36
img37
img38
img39
img40
img41
img42
img43
img44
img45
img46
img47
img48
img49
img50
img51
img52
img53
img54
img55

This first part of a URL (URL stands for Universal Resource Locator) tells the browser how to communicate with the web server. This is almost always HTTP, so often the “http://” part of the address is left out. This is why you can just type “www.google.com” to get to the Google homepage: your browser assumes if you don’t say otherwise you want to use HTTP.

But what is HTTP?

HTTP stands for HyperText Transfer Protocol. This is an agreed standard which defines a way for computers to talk over the internet.

For our purposes we don’t need to understand the underlying details of exactly how the protocol defines computers can talk. We can think of it like a language that both our browser and the web server speak so they can understand each other when they make requests/responses.

It is also important for us to understand that there are different types of request in HTTP. These are defined by having different verbs.

So our browser makes a request using a particular verb and the server responds appropriately depending on the verb.

There are more than 20 HTTP verbs defined, but the most common are GET, POST, PUT, DELETE and HEAD. Of these, by far the most important are GET and POST.

When your browser navigates to a new webpage it sends a GET request to the URL you have typed. Sending a GET request asksW the server for some particular data that is located at the address you have supplied.

Here is a fake URL as an example: http://www.myfakeblog.com/category/this-is-my-post

HTTP Responses 1

When we type this into our browser, the browser makes a GET request to the webserver located at www.myfakeblog.com. The browser uses GET as a default in this case.

The server looks at the extra address information: /category/this-is-my-post and uses this to find the exact page that the browser is requesting.

This is a common pattern for a GET request.

POST requests usually mean the browser is sending data to the server, for example login details or other requests that require data from the browser to formulate the correct response. These POST requests are usually used for requests that change the state of the web page.

What is HTTPS?

HTTPS stands for HyperText Transfer Protocol Secure. This is an encrypted form of HTTP.

When we send a request it doesn’t go immediately to the server. Because the internet is a connected network of computers each request passes through many computers before arriving at the server, then the response comes back via the same route.

Since HTTP is unencrypted that means that all of the computers between your browser and the website can read all of the data you are sending back and forth!

You can use a utility called tracert to see how many computers are between your browser and the website you are accessing.

Try this experiment:

On windows, press your Windows key:

HTTP Responses 2

Then type “cmd” and press Enter. This brings up a command prompt, which looks similar to this:

HTTP Responses 3

Now type “tracert google.com” and press Enter. This shows you the number of computers (hops) between your computer and google.com. You can try this with other websites too by replacing the website name “google.com” with whatever web address you like.

You can see that many computers are between you and every website – because the internet is a connected network. Using HTTP each of those computers can read the traffic that passes through them.

To solve this problem an encrypted form of HTTP was developed, called HTTPS. This encrypts the data so only your browser and the web server can read it, using a technology called SSL (Secure Socket Layers). HTTPS is used for secure transactions such as financial information, private information, and login on most websites.

You should always look for the HTTPS symbol when using websites where security is important. On many browsers this appears as a padlock:
HTTP Responses 4
If we build a secure website we need to ensure it supports HTTPS for any private transactions.