HTTP: IN DETAIL
HTTP, or Hypertext Transfer Protocol, serves as the fundamental communication protocol on the internet. It facilitates the interaction between your web browser (the client) and the servers that store website data. When you enter a URL, your browser sends an HTTP request to the server, asking for the desired content. The server responds with an HTTP response, delivering the requested data. This exchange follows a request-response cycle and involves methods like GET and POST, status codes indicating success or errors, and headers for additional information. HTTP itself is a stateless protocol. The secure version, HTTPS, encrypts data for enhanced security during transmission. HTTP forms the backbone of web communication, enabling the seamless flow of information between clients and servers.
Scheme: Specifies which protocol to use to access the resource, such as HTTP, HTTPS or FTP (File Transfer Protocol).
User: Some services require authentication to log in; you can put a username and password into the URL to log in.
Host: The domain name or IP address of the server you wish to access.
Port: The port you are going to connect to, usually 80 for HTTP and 443 for HTTPS, but a service can be hosted on any port between 1–65535.
Path: The file name or location of the resource you are trying to access.
Query String: Extra bits of information that can be sent to the requested path. For example, /blog?id=1 would tell the blog path that you wish to receive the blog article with the id of 1.
Fragment: This is a reference to a location on the actual page requested. It is commonly used on pages with long content so that a certain part of the page can be linked to directly and is viewable to the user as soon as they access the page.
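The components listed above, split out of one URL with Python's standard `urllib.parse`. This is an added example, not part of the original notes; the sample URL and the helper names `url_components` and `redact_userinfo` are assumptions made for illustration. The second helper strips the user and password so the URL can be logged without storing credentials.

```python
from urllib.parse import urlsplit, urlunsplit

# Constructed sample URL; host, credentials and path are placeholders.
SAMPLE_URL = "http://user:password@example.com:80/view-room?id=1#task3"


def url_components(url):
    """Return the URL parts under the names used in the list above."""
    p = urlsplit(url)
    default_port = {"http": 80, "https": 443}.get(p.scheme)
    return {
        "scheme": p.scheme,
        "user": p.username,
        "password": p.password,
        "host": p.hostname,
        "port": p.port or default_port,  # fall back to the scheme's usual port
        "path": p.path,
        "query": p.query,
        "fragment": p.fragment,
    }


def redact_userinfo(url):
    """Drop user:password so the URL can be written to logs safely."""
    p = urlsplit(url)
    host = p.hostname or ""
    if ":" in host:  # an IPv6 literal needs its brackets back
        host = f"[{host}]"
    if p.port is not None:
        host = f"{host}:{p.port}"
    return urlunsplit((p.scheme, host, p.path, p.query, p.fragment))


if __name__ == "__main__":
    for name, value in url_components(SAMPLE_URL).items():
        print(f"{name:9} {value!r}")
    print(redact_userinfo(SAMPLE_URL))
```

Everything before the `@` is the user field, so the host the client connects to is whatever follows it; checking `host` from the parsed result rather than reading the URL by eye avoids mistaking one for the other.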
EXAMPLE REQUEST:
EXAMPLE RESPONSE:
1. GET: Ask for a webpage or information from the server.
2. POST: Send data (like filling out a form) to the server.
3. PUT: Update or create something on the server.
4. DELETE: Ask the server to get rid of something.
5. PATCH: Make small updates to something on the server.
6. HEAD: Ask for information about a resource without getting the actual content.
1xx — Informational:
100 Continue: The server has received the initial part of the request, and the client can continue with the rest.
101 Switching Protocols: The server is switching protocols, for example, upgrading to a newer version of HTTP.
2xx — Success:
200 OK: The request was successful, and the server provides the requested data.
201 Created: The request resulted in the creation of a new resource.
202 Accepted: The request has been accepted but not yet processed.
204 No Content: The request was successful, but there is no new information to send back.
206 Partial Content: The server is sending only part of the resource due to a partial GET request.
3xx — Redirection:
300 Multiple Choices: The requested resource has multiple representations; the user or client can choose.
301 Moved Permanently: The requested resource has been permanently moved to a new location.
302 Found (or Moved Temporarily): Similar to 301, but the redirection is temporary.
304 Not Modified: The resource has not been modified since the last request.
307 Temporary Redirect: Similar to 302 but indicates that the request method should not change.
308 Permanent Redirect: Similar to 301, but it should be used for permanent redirection.
4xx — Client Error:
400 Bad Request: The server could not understand the request.
401 Unauthorized: Authentication is required, and the user has not provided valid credentials.
403 Forbidden: The server understood the request, but the server refuses to fulfill it.
404 Not Found: The requested resource could not be found on the server.
405 Method Not Allowed: The method specified in the request is not allowed for the resource.
408 Request Timeout: The server timed out while waiting for the request.
429 Too Many Requests: The user has sent too many requests in a given amount of time.
5xx — Server Error:
500 Internal Server Error: A generic error message indicating a server problem.
501 Not Implemented: The server does not support the functionality required to fulfill the request.
502 Bad Gateway: The server, while acting as a gateway or proxy, received an invalid response from an upstream server.
503 Service Unavailable: The server is not ready to handle the request. Commonly occurs during maintenance or when the server is overloaded.
504 Gateway Timeout: The server, while acting as a gateway or proxy, did not receive a timely response from the upstream server.
Request Headers:
Sent by the client to the server.
Provide information about the request, such as:
The specific resource being requested (e.g., a web page, image, or video).
The client’s capabilities (e.g., preferred language, supported media types).
Authentication credentials (if required).
Examples:
User-Agent: Identifies the browser or application making the request.
Accept: Specifies the preferred content types (e.g., HTML, text, images).
Authorization: Contains login credentials for secure resources.
Response Headers:
Sent by the server back to the client.
Provide information about the response, such as:
The status code (e.g., 200 for success, 404 for not found).
Details about the content being sent (e.g., size, type, encoding).
Additional information about the server or resource.
Examples:
Content-Type: Indicates the type of content being sent (e.g., HTML, JPEG).
Content-Length: Specifies the size of the content in bytes.
Server: Identifies the software used by the server.
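To tie the method, status code and header sections together, here is one request and its response taken apart in Python. This is an added example, not part of the original notes; the two raw messages are constructed samples and the function names are assumptions made for illustration. It also checks that the declared Content-Length matches the body that actually arrived.

```python
# Constructed request/response pair; host, path and header values are placeholders.
RAW_REQUEST = (
    b"GET /blog?id=1 HTTP/1.1\r\n"
    b"Host: example.com\r\n"
    b"User-Agent: Mozilla/5.0\r\n"
    b"Accept: text/html\r\n"
    b"\r\n"
)
RAW_RESPONSE = (
    b"HTTP/1.1 200 OK\r\n"
    b"Server: nginx\r\n"
    b"Content-Type: text/html\r\n"
    b"Content-Length: 28\r\n"
    b"\r\n"
    b"<html><body>Hi</body></html>"
)
STATUS_CLASSES = {1: "Informational", 2: "Success", 3: "Redirection",
                  4: "Client Error", 5: "Server Error"}


def split_message(raw):
    """Split a raw HTTP/1.1 message into start line, headers and body."""
    head, _, body = raw.partition(b"\r\n\r\n")  # blank line ends the headers
    lines = head.decode("iso-8859-1").split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()  # names are case-insensitive
    return lines[0], headers, body


def parse_request(raw):
    start, headers, body = split_message(raw)
    method, target, version = start.split(" ", 2)
    return {"method": method, "target": target, "version": version,
            "headers": headers, "body": body}


def parse_response(raw):
    start, headers, body = split_message(raw)
    version, code, reason = (start.split(" ", 2) + [""])[:3]
    code = int(code)
    declared = headers.get("content-length")
    return {"version": version, "status": code, "reason": reason,
            "class": STATUS_CLASSES.get(code // 100, "Unknown"),
            "headers": headers, "body": body,
            # A mismatch means a truncated or padded body.
            "length_ok": declared is None or int(declared) == len(body)}
```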
Cookies are like tiny notes websites leave on your browser. They help websites remember you, like:
Keeping you logged in
Saving items in your shopping cart
Showing you relevant news and ads
Some can track you across the web, but you can control them:
Clear cookies you don’t like
Choose which websites can leave notes
Below is a cookie example from TryHackMe: