HTTP (RFC 2068) is an essential technology for transferring and translating information online. HTTP and web servers are part of a sysadmin’s life, but we don’t always have the time to deep dive into how it works. That’s where this article comes in. What follows is a primer on HTTP: what it is, how it’s used, what its limitations are, and how we, as sysadmins, can better use it for more secure browsing.
HTTP: Powering the world wide web
HTTP stands for Hypertext Transfer Protocol. It’s an application protocol for hypermedia information systems that facilitates the communication of data on the World Wide Web.
In essence, it’s the way in which information is sent from a user’s web browser to the website they’re visiting.
It was invented alongside HTML in the years 1989-1991 by Tim Berners-Lee at CERN. Initially used to create the first interactive, text-based browser it remains today as one of the primary means of using the internet.
HTTP standards are developed by the World Wide Web Consortium (W3C) and the Internet Engineering Task Force (IETF), resulting in the publication of a series of Requests for Comments (RFCs).
HTTP has four versions:
HTTP/1.1 is the most commonly used version today however HTTP/2.0 is a promising up-and-comer.
The evolution of HTTP
HTTP has seen three main iterations since its inception.
The initial version of HTTP, HTTP/0.9 was a simple client-server, request-response, Telenet-friendly protocol. It sported a single-line request nature and supported GET methods only.
HTTP/1.0 was the first browser-friendly protocol. It provided header fields including metadata about both request and response. It supported GET, HEAD, and POST methods with responses no longer limited to hypertext.
The most commonly used protocol today, HTTP/1.1 introduced critical performance optimizations and feature enhancements, including:
- Persistent and pipelined connections
- Chunked transfers
- Content negotiations
- Virtual hosting
- Faster response
- Great bandwidth savings by adding cache support
It supports GET, HEAD, POST, PUT, DELETE, TRACE, and OPTIONS methods.
HTTPS: A more secure future
HTTPS stands for Hypertext Transfer Protocol Secure. It’s essentially the same concept as HTTP but with one major difference: security. Instead of using its own application layer protocol, it uses different protocols called Transport Layer Security (TLS) and Secure Sockets Layer (SSL).
Both TLS and SSL act as secure “tunnels” through which information travels to get to a user’s browser. They also encrypt the information sent, making it harder to crack and read if it is intercepted.
The majority of browsers nowadays support HTTPS for more secure browsing. Mozilla Firefox, Google Chrome, and Internet explorer all display a padlock icon to denote a secure HTTPS connection.
HTTP vs HTTPS
Both protocols have their uses on the web, but HTTPS is fast becoming the preferred method by which to deliver and receive information online. Not only is it more secure, browsers like Google Chrome actually parse digital data faster over HTTPS. This is because the information is more trusted and doesn’t have to be cached and scanned before delivery.
HTTPS is also preferred by search engines like Google. Faster load times and lower bounce rates will impact your SEO significantly – both factors influenced by HTTPS.
HTTP is the backbone of the internet
What does HTTP stand for? Access. At the end of the day, HTTP as a technology facilitates our online operations. It allows information to get from point A to point B. This isn’t to say it can’t be improved upon. HTTPS is now leading the pack when it comes to online application protocols so it’s in your best interest to buff up your knowledge on both.
Now you know everything there is to know about HTTP.