HTTP stands for HyperText Transfer Protocol where HTTPS stands for HyperText Transfer Protocol Secure.
HTTP is a protocol that is used to communicate between web browsers and web servers. Whatever we do in the browser, the browser sends a request to the server. Here DNS comes which I wrote in my previous article. Then server response according to the request. For example, when we enter a URL into our web browser and hit enter this actually sends an HTTP command to the server to respond with the requested page. HTTP is actually a stateless protocol because each command is performed independently.
Important Things about HTTP:
- HTTP is connectionless: After making the request the client disconnect from the server. Then when the response is ready the server re-establish the connection again and delivers the response.
- HTTP can send any type of data as long as the server and client able to read it.
- HTTP is Stateless: The client and server know each other just during the current request. If it closes and they want to connect again they need to provide information to each other again.
Understanding Request and Response:
Here we have a client on the right and a server on the right. The client wants to see a website for example- https://malwarecare.com/#blog. The user type in the URL bar of the browser. But they need to be physically connected (user computer and web server). It’s the job of the internet. Using the TCP/IP protocol it establishes the connection and does all necessary work for the two computers to talk via HTTP. When the connection is established the client sends a request called HTTP message/request. As the HTTP is a connectionless protocol the clients disconnect from the server. Then it waits for the response. On the other hand, the server processes the request and prepare the response. Then the server establishes the connection again and sends back the response again in the form of an HTTP message to the client. Then the two computers disconnect completely. It is very general. Let’s take a close look at HTTP message-
The information in the three-section varies depending on the message whether it is a request or response. Request HTTP message differs from the Response one. First, let’s see the Request message.
HTTP Request Message:
In the start line, the first thing is the Method. Basically method is a sort of command from the client. It tells the server what it should do. For example – give data, delete this and put this on the database. Most common HTTP methods – GET, POST. GET tells the server to give data and post tell it to store in the database. In our case, it is GET because the user wants to see a webpage in his browser. He is asking the server to give him the webpage. Then we have a URI (Uniform Resource Identifier). URI is a set of readable characters and a way to locate resources which we are requesting from the server. In our case, it is /#blog. Then we have the HTTP version that the client is using so that the server understands the message well. The headers specify some information rules, for example, the Host which is the address of the server to which we are sending requests. Which is www.malwarecare.com. Accept-Language specifies the language and Accept tells the server what type of files.
Here is our case:
HTTP Response Message:
Here is our case:
Methods Use in HTTP/HTTPS:
GET: The GET method is used to fetch data from the server. It is used for accessing any resource.
POST: The POST method is used to send data to the server. For example: Create a post.
PUT: The PUT method is used to update current data on the server.
DELETE: The DELETE method is used to request the server to delete a file at a location specified by the given URL.
CONNECT: The CONNECT method is used by the client to establish a network connection to a web server over HTTP.
OPTIONS: The OPTIONS method is used by the client to find out the HTTP methods and other options supported by a web server. To know what kind of HTTP methods are enabled on a remote server we can send a request using the OPTIONS method.
TRACE: The TRACE method is used to echo the contents of an HTTP request back to the requester.
Though these are some methods that are used in both HTTP and https. There are some differences between HTTP and https. HTTPS is secure than HTTP. When we entering sensitive data into the form fields on a website, if the website is HTTP based that data is transmitted in clear text and can be read by anyone. For example, I am doing online shopping by giving my card details, my data is insecure if the site is HTTP based. Because HTTP transmitted card details in plain text which is readable by anyone. HTTPS is the solution to this problem. HTTPS uses an encryption protocol called SSL (Secure Socket Layer). In https, those sensitive data is actually encrypted which is much safer. This is in general. There are some other things in the https working process. The following picture show the difference-