HTTP and HTTPS are request-response based client-server protocols responsible for communication and data transfer on the www. In this client-server model, the client is usually the browser, while the server can be an application that runs the website. The client sends an HTTPS request to the server, and the server, which stores the data (text, image, html files, etc.), sends a response back to the client. The response always contains information about the execution of the request and usually the requested content.
In the example above, the browser is a typical user agent. Any software that can process and display the data on the Internet is a user agent. This can also include mobile applications or search engines robots that constantly crawl the web.
The HTTP protocol sits on the application layer of the TCP/IP model and therefore needs a reliable transport layer protocol to work, which in most cases is TCP. In addition to TCP, HTTP can use other protocols for transport, such as the unreliable UDP or SSDP. HTTP resources can be accessed using URLs. The HTTP or HTTPS tag at the beginning of a URL indicates which protocol the web page uses. The URL, HTML documents and links form a network of interconnected data on the Internet.
The HTTP requests are structured as follows:
- Request line, this line contains the command, which in HTTP version 1.1 can be GET, POST, HEAD, OPTIONS, PUT, DELETE, TRACE and CONNECT, depending on what you want. If you want to open an image, the line looks like this: GET /images example.jpg HTTP /1.1
- The request line is followed by the headers, where you can further refine the request. For example: Accept-Language: en, i.e. the response is requested in English.
- The header is followed by a blank line.
- Finally, there is a message part, which can be omitted if you wish.
The HTTP response is as follows:
- Information about the completion, for example: http/1.1 200 OK, so the request was successful.
- This is followed by the response header.
- This is followed by a blank line.
- Finally, an optional message part.
HTTPS differs from HTTP in that it is based on the SSL/TLS encryption protocol. Typically, HTTPS is used for websites that require a password to log in, or for websites where financial transactions take place. Browsers know that a site is trustworthy because web servers using HTTPS must obtain a certificate from a trusted certificate authority (VeriSign, Microsoft, etc.). Once confirmed, browsers will also indicate in the address bar that the site is trusted using https.