Go Deeper from what you know about HTTP.
What is a Hypertext Transfer Protocol (HTTP) server?
Hypertext transfer protocol Tim Berners-Lee and his team invented HTTP between 1989 and 1991, and it is the protocol that is utilized every time you visit a website. In order to communicate with web servers, HTTP uses a set of rules for transmitting webpage data, including HTML, images, videos, and so on.
What does HTTPS stand for?
Secure Hypertext Data Transfer HTTPS is the safest version of the HTTP protocol. In addition to preventing others from seeing the data you are receiving and sending, HTTPS data is encrypted so that you can be confident that you are communicating with the actual web server and not an impostor.
HTTPS encrypts and protects the integrity of data in transit by making sure that data is only readable by the recipient and not by anyone else who might be able to intercept it.
When you visit a website, your browser will need to send requests for resources like HTML and images to a web server and then download the responses. Before you can do that, you must first inform the browser how and where to find these resources. This is when URLs come in handy. Your browser does not encrypt any information you enter in the URL bar, including the web address itself, and any network intermediary, such as your ISP or a public WiFi access point, can see it.
What is a URL? (Uniform Resource Locator)
There is a high probability that if you have used the internet at all, you have come across URLs. There are many different types of URLs, but on the whole, a URL is a command that directs you to a resource online.
In the example below, you can see how a URL looks with all of its properties (although dthem in every single request).
Scheme: This instructs on what protocol to use for accessing the resource such as HTTP, HTTPS, FTP (File Transfer Protocol).
User: Some services require authentication to log in, you can put a username and password into the URL to log in.
Host: The domain name or IP address of the server you wish to access.
Port: The Port that you are going to connect to, usually 80 for HTTP and 443 for HTTPS, but this can be hosted on any port between 1–65535.
Path: The file name or location of the resource you are trying to access.
Query String: Extra bits of information that can be sent to the requested path. For example, /blog?id=1 would tell the blog path that you wish to receive the blog article with the id of 1.
Fragment: This is a reference to a location on the actual page requested. This is commonly used for pages with long content and can have a certain part of the page directly linked to it, so it is viewable to the user as soon as they access the page.
Here are some examples: The following picture displays example URIs and their component parts.The following picture displays example URIs and their component parts.
The following steps are performed by a client when it wants to communicate with a server, either the final server or an intermediate proxy, as described above:
Example of an HTTP Request:
GET / HTTP/1.1
User-Agent: Mozilla/5.0 Firefox/90.0
Let’s check this out line by line:
Line 1: This request is sending the GET method ( more on this in the HTTP Methods task ), request the home page with / and telling the web server we are using HTTP protocol version 1.1.
Line 2: We tell the web server we want the website menitasa.com
Line 3: We tell the web server we are using the Firefox version 90 Browser
Line 4: We are telling the web server that the web page that referred us to this one is menitasa.com
Line 5: HTTP requests always end with a blank line to inform the web server that the request has finished.
Example of an HTTP Response:
HTTP/1.1 200 OK
Date: Fri, 09 Apr 2021 13:34:03 GMT
Welcome To menitasa.com
Let’s check this out line by line:
Line 1: HTTP 1.1 is the version of the HTTP protocol the server is using and then followed by the HTTP Status Code in this case “200 Ok” which tells us the request has completed successfully.
Line 2: This tells us the web server software and version number.
Line 3: The current date, time and timezone of the web server.
Line 4: The Content-Type header tells the client what sort of information is going to be sent, such as HTML, images, videos, pdf, XML.
Line 5: Content-Length tells the client how long the response is, this way we can confirm no data is missing.
Line 6: HTTP response contains a blank line to confirm the end of the HTTP response.
Lines 7–14: The information that has been requested, in this instance the homepage.
HTTP methods are ways for HTTP requests to indicate what the client intends to do. In this section, we’ll cover the most common HTTP methods, although mainly you’ll be dealing with GET and POST.
This is used for getting information from a web server.
This is used for submitting data to the web server and potentially creating new records
This is used for submitting data to a web server to update information
This is used for deleting information/records from a web server.
Click here to learn more about HTTP Methods.
HTTP Status Codes
HTTP response status codes indicate whether a specific HTTP In response to a specific HTTP request, the HTTP status code indicates whether the request has been completed successfully.
Status codes fall into five categories:
- Informational responses (100–199)
- Successful responses (200–299)
- Redirection messages (300–399)
- Client error responses (400–499)
- Server error responses (500–599)
Common HTTP Status Codes:
HTTP Status Code 200 — OK
This is your ideal status code for your normal, everyday, properly functioning page.
HTTP Status Code 301 — Permanent Redirect
A 301 redirect should be utilized any time one URL needs to be redirected to another permanently If you need to permanently redirect one URL to another, use a 301 redirect. 301 redirects refer visitors and bots to the new URL if they land on that page.
HTTP Status Code 302 — Temporary Redirect
The main difference between a 302 and a 301 is that visitors and bots are redirected to the new page, but link equity is not transferred. A 302 redirect should not be used for permanent changes. Search engine crawlers will treat 302s as temporary, so the redirect may not pass along link equity like it does with a 301.
- What is link equity? Search engines use “link equity,” which is also known as “link juice,” to rank pages on the basis that certain links pass value and authority from one page to another. Google and other search engines use links that pass equity as one of many signals to determine a page’s ranking in the SERPs, such as the linking page’s authority, topical relevance, HTTP status, and more.
HTTP Status Code 404 — Not Found
The server did not find the file or page that the browser requested. The 404 error does not indicate whether the page or resource is missing permanently or temporarily
HTTP Status Code 410 — Gone
410s are more permanent than 404s; they indicate the page is no longer available. No forwarding address has been configured and the page is no longer available on the server.
HTTP Status Code 500 — Internal Server Error
Instead of a problem with missing or unfound pages, this status code indicates a problem with the server. The 500 error is a classic server error that prevents access to your website.
HTTP Status Code 503 — Service Unavailable
When the server is unavailable, a 503 response is returned. The visitor is encouraged to try again later. The server may temporarily be overloaded or undergo maintenance. A 503 status code ensures that the search engines know to come back soon because the page or site is only going to be down for a short time.
let the client and the server pass additional information with an HTTP request or response. An HTTP header consists of its case-insensitive name followed by a colon (:), then by its value. Whitespace before the value is ignored.
Common Request Headers
These are headers that are sent from the client (usually your browser) to the server.
Host: Some web servers host multiple websites so by providing the host headers you can tell it which one you require, otherwise you’ll just receive the default website for the server.
Content-Length: When sending data to a web server such as in a form, the content length tells the web server how much data to expect in the web request. This way the server can ensure it isn’t missing any data.
Accept-Encoding: Tells the web server what types of compression methods the browser supports so the data can be made smaller for transmitting over the internet.
Cookie: Data sent to the server to help remember your information (see cookies task for more information).
Common Response Headers
These are the headers that are returned to the client from the server after a request.
Set-Cookie: Information to store which gets sent back to the web server on each request (see cookies task for more information).
Cache-Control: How long to store the content of the response in the browser’s cache before it requests it again.
Content-Encoding: What method has been used to compress the data to make it smaller when sending it over the internet.
Click here to learn more about HTTP Headers.
Most people have heard of cookies before, they are just a simple piece of data that is stored on your computer. Cookies are saved when you receive a “Set-Cookie” header from a web server. Then every further request you make, you’ll send the cookie data back to the web server. Because HTTP is stateless (doesn’t keep track of your previous requests), cookies can be used to remind the web server who you are, some personal settings for the website or whether you’ve been to the website before.
Let’s take a look at this as an example HTTP request:
PHPSESSID -It’s a cookie to store current user session id in the cookie. It will expire once browser is closed. ( Session type cookie)
ACOPENDIVIDS — It’s a cookie Get list of div ids that should be expanded due to persistence (‘div1,div2,etc’)
Types of cookies
- 2.1 Session cookie
- 2.2 Persistent cookie
- 2.3 Secure cookie
- 2.4 Http-only cookie
- 2.5 Same-site cookie
- 2.6 Third-party cookie
- 2.7 Supercookie
- 2.7.1 Other uses
- 2.8 Zombie cookie
Most commonly, cookies are used for website authentication. The cookie value usually isn’t a clear-text string in which you can see the password, but a token (a secret code that isn’t easily guessable by humans).
Viewing Your Cookies
Using your browser’s developer tools, you can easily see what cookies your browser is sending to a website. Click on the “Network” tab once you have developer tools open. Your browser will display a list of the resources it has requested through this tab. Clicking on each one will give you a detailed breakdown of what was requested. Cookies sent by your browser will appear in the “Cookies” tab of the request.
Click here to learn more about HTTP cookies.
Through reading this post, I hope you gain a better understanding of HTTP Flow and how it performs and operates.
I encourage you to check out my website to read more articles like this on a variety of topics related to information technology