# HTTP and HTTPS
## What is HTTP
HTTP, the HyperText Transfer Protocol, is the foundation of data communication on the World Wide Web. It is an application layer protocol that defines how messages are formatted and transmitted between web browsers and web servers. HTTP follows a client-server model where the client, typically a web browser, sends requests to the server, and the server responds with the requested resources. HTTP is a stateless protocol, meaning each request is treated independently without any memory of previous interactions.
## HTTP Request and Response
An HTTP request consists of a method indicating the type of request, a URL identifying the resource being requested, headers containing metadata about the request, and optionally a message body containing data. The GET method requests a resource from the server. The POST method submits data to the server, such as form data. The PUT method uploads a resource to the server. The DELETE method requests deletion of a resource. The HEAD method requests only the headers, not the body, of a response.
An HTTP response consists of a status line containing the HTTP version and a status code, response headers, and the response body containing the requested resource. Status codes are three-digit numbers grouped into categories. Codes in the 200s indicate success, with 200 OK being the most common. Codes in the 300s indicate redirection. Codes in the 400s indicate client errors, with 404 Not Found and 403 Forbidden being common examples. Codes in the 500s indicate server errors.
## HTTP Versions
HTTP/1.0 required a new TCP connection for each request. HTTP/1.1 introduced persistent connections, allowing multiple requests and responses over a single TCP connection. It also introduced pipelining, allowing clients to send multiple requests without waiting for responses. HTTP/2 introduced binary framing, header compression, request multiplexing over a single connection, and server push. HTTP/3 uses QUIC rather than TCP as the transport protocol, providing improved performance especially on lossy networks.
## HTTPS
HTTPS, HyperText Transfer Protocol Secure, is HTTP with Transport Layer Security encryption added. While HTTP transmits data in plaintext that anyone intercepting the traffic can read, HTTPS encrypts all data exchanged between the browser and server. This protects the confidentiality of the data, prevents tampering with the data in transit, and authenticates the server's identity through digital certificates.
## TLS Handshake in HTTPS
When a browser connects to an HTTPS website, it first establishes a TCP connection, then performs a TLS handshake. During the handshake, the server presents its certificate, which the browser verifies. They negotiate the encryption algorithm and exchange keys. After the handshake, all communication is encrypted. The padlock icon in a browser address bar indicates an HTTPS connection with a valid certificate.