Introduction to HTTP/HTTPS

HTTP (Hypertext Transfer Protocol)

HTTP is a protocol used for transmitting hypertext from a network to a local browser. It defines the format of requests and responses between clients and servers. HTTP operates on top of the TCP/IP model and typically uses port 80.

HTTPS (Hypertext Transfer Protocol Secure)

HTTPS is the secure version of HTTP, which adds the SSL/TLS protocol to HTTP, providing data encryption, integrity verification, and authentication. HTTPS typically uses port 443.

HTTP

HTTP stands for Hyper Text Transfer Protocol, a protocol used for transmitting hypertext from World Wide Web (WWW) servers to local browsers.

HTTP is a data transmission protocol based on the TCP/IP communication protocol, used to transmit data such as HTML files, image files, query results, etc.

HTTPS

HTTPS stands for HyperText Transfer Protocol Secure, a protocol for secure communication over computer networks.

HTTP itself is insecure because transmitted data is not encrypted and may be intercepted or tampered with. To solve this problem, HTTPS was introduced, which adds the SSL/TLS protocol to HTTP, providing encryption and authentication for data transmission.

HTTPS communicates through HTTP but uses SSL/TLS to encrypt data packets. The main purpose of developing HTTPS is to provide server identity authentication and protect the privacy and integrity of exchanged data.

The URL of HTTP starts with http:// and defaults to port 80, while the URL of HTTPS starts with https:// and defaults to port 443.

How HTTP Works

The HTTP protocol works in a client-server architecture.

The typical process of HTTP operation is as follows:

  1. Client initiates request: Users enter a URL through a client (such as a browser), and the client initiates an HTTP request to the server.
  2. Server processes request: After receiving the request, the server processes it according to the request type (such as GET, POST, etc.) and the requested resource.
  3. Server returns response: The server packages the processing result into an HTTP response message and sends it back to the client.
  4. Client renders page: After receiving the response, the client renders the page based on the response content (such as HTML, images, etc.), and displays it to the user.

Web servers include Nginx server, Apache server, IIS server (Internet Information Services), etc.

The default port number for HTTP is 80, but you can also change it to 8080 or other ports.

Three Key Points about HTTP:

  • HTTP is connectionless: Connectionless means that each connection is limited to processing one request. After the server handles the client's request and receives the client's acknowledgment, the connection is terminated. This approach saves transmission time.
  • HTTP is media-independent: This means that any type of data can be sent through HTTP as long as the client and server know how to handle the data content. The client and server declare the content type using the appropriate MIME type.
  • HTTP is stateless: HTTP is a stateless protocol, meaning the protocol keeps no memory of earlier transactions. Lack of state means that if subsequent processing requires previous information, it must be retransmitted, which may lead to increased data volume per connection. On the other hand, when the server does not need previous information, its response will be faster.
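Because HTTP is stateless, session state such as cookies or credentials is resent with every request, and over plain HTTP it travels unencrypted. The following is an added example, not code from the original page: it parses raw HTTP/1.1 requests and lists the sensitive fields an on-path observer could read. The sample requests, the host name shop.example and the field lists are constructed for illustration.

```python
from urllib.parse import parse_qsl

# Constructed samples: two plaintext HTTP/1.1 requests as sent to port 80.
LOGIN = (b"POST /login HTTP/1.1\r\nHost: shop.example\r\n"
         b"Content-Type: application/x-www-form-urlencoded\r\n"
         b"Content-Length: 29\r\n\r\nuser=alice&password=s3cret%21")
FOLLOW_UP = (b"GET /cart HTTP/1.1\r\nHost: shop.example\r\n"
             b"Cookie: session=abc123; theme=dark\r\n\r\n")

# Assumed lists of names worth flagging; extend for your own application.
SENSITIVE_HEADERS = {"authorization", "proxy-authorization", "cookie"}
SENSITIVE_FIELDS = {"password", "passwd", "token", "secret"}


def parse_request(raw):
    """Split a raw request into method, target, lower-cased headers and body."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    method, target, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, target, headers, body


def plaintext_exposures(raw):
    """Return the sensitive headers and form fields readable in a cleartext request."""
    _method, _target, headers, body = parse_request(raw)
    found = ["header:" + name for name in sorted(headers) if name in SENSITIVE_HEADERS]
    content_type = headers.get("content-type", "")
    if content_type.startswith("application/x-www-form-urlencoded"):
        for key, _value in parse_qsl(body.decode("iso-8859-1")):
            if key.lower() in SENSITIVE_FIELDS:
                found.append("form:" + key)
    return found


if __name__ == "__main__":
    print(plaintext_exposures(LOGIN))      # password submitted in the form body
    print(plaintext_exposures(FOLLOW_UP))  # session cookie resent on the next request
```

The login request exposes the password once, but the session cookie is exposed on every later request, which is why the whole session needs HTTPS and not only the login form.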

The following diagram shows the communication flow of the HTTP protocol:

Image 2: cgiarch

Purpose of HTTPS

The main purpose of HTTPS is to create a secure channel over an insecure network and provide reasonable protection against eavesdropping and man-in-the-middle attacks when appropriate cipher suites and trusted server certificates are used.

HTTPS trust is based on certificate authorities (CA) pre-installed in the operating system.

Therefore, an HTTPS connection with a website can only be trusted under the following conditions:

  • The browser correctly implements HTTPS and the operating system has installed correct and trusted certificate authorities;
  • Certificate authorities vouch only for legitimate websites;
  • The visited website provides a valid certificate, i.e., it is issued by a trusted certificate authority in the operating system (most browsers will issue warnings for invalid certificates);
  • The certificate correctly verifies the visited website (for example, when accessing , a certificate issued to www..com rather than another domain name is received);
  • The encryption layer (SSL/TLS) of this protocol can effectively provide authentication and strong encryption.

Browsers such as Google Chrome, Internet Explorer, and Firefox will issue warnings when a website contains mixed content composed of encrypted and unencrypted content.

HTTP connection shows as unsafe:

Image 3

HTTPS connection shows as secure:

Image 4

Differences Between HTTP and HTTPS

Although HTTP and HTTPS are very similar in name, they have fundamental differences in security: HTTPS uses the SSL/TLS protocol to provide encryption and integrity verification for data transmission, thereby protecting user privacy and data security. With the increase in cybersecurity awareness, more and more websites are starting to use HTTPS to protect user data.

At the same time, mainstream browsers and search engines are encouraging websites to use HTTPS.

Therefore, for websites involving sensitive information transmission, it is recommended to use HTTPS to improve security.

Main differences are as follows:

  • Encryption:
    • HTTP: Data is not encrypted during transmission and is easily intercepted and tampered with.
    • HTTPS: Uses SSL/TLS protocol to encrypt transmitted data, protecting the security of the data transmission process.
  • Port:
    • HTTP: Defaults to port 80.
    • HTTPS: Defaults to port 443.
  • Security:
    • HTTP: Does not provide data encryption, low security.
    • HTTPS: Provides data encryption and integrity verification, high security.
  • Certificate:
    • HTTP: No certificate required.
    • HTTPS: Requires an SSL certificate to enable encryption and verify the server's identity.
  • Performance:
    • HTTP: Slightly higher performance than HTTPS due to no data encryption.
    • HTTPS: May have some performance overhead due to the need for encryption and decryption.
  • Search Engine Optimization (SEO):
    • HTTP: Search engines may downgrade websites not using HTTPS.
    • HTTPS: Search engines tend to prioritize indexing and displaying websites using HTTPS.
  • Browser Display:
    • HTTP: HTTP websites are usually displayed as "unsafe" in most modern browsers.
    • HTTPS: Browsers display a lock icon, indicating that the website is secure.
  • Cost:
    • HTTP: Usually free.
    • HTTPS: Requires purchasing an SSL certificate, which may incur some costs.
  • Application Scenarios:
    • HTTP: Suitable for websites that do not require sensitive information transmission, such as news websites, blogs, etc.
    • HTTPS: Suitable for websites that require sensitive information transmission, such as online banking, online shopping, email, etc.
