Understanding HTTP & HTTPS: Methods, Requests, Responses, and Security

What is HTTP?

Hyper Text Transfer Protocol (HTTP) is a simple request‑response protocol built on top of TCP. It defines how a client formats a request and how a server formats a response. HTTP is stateless, meaning each request is independent and no session data is stored by the protocol itself.

HTTP request structure

An HTTP request consists of a request line, request headers, and an optional request body.

Common HTTP methods

GET

: Retrieve a resource identified by a URI; parameters are appended to the URL. POST: Submit data to the server, typically placed in the request body. PUT: Upload a file or replace the resource at the given URI. HEAD: Like GET but returns only headers, useful for checking resource validity. DELETE: Remove the resource at the specified URI. OPTIONS: Query which HTTP methods are supported by a URI.

POST request example

# Method URL Version  (request line)
POST /httpLearn/postRequest HTTP/1.1
# Request headers
Host: 127.0.0.1:8080
User-Agent: apifox/1.0.0 (https://www.apifox.cn)
Content-Length: 126
Content-Type: multipart/form-data; boundary=----WebKitFormBoundary7MA4YWxkTrZu0gW

# Request body
----WebKitFormBoundary7MA4YWxkTrZu0gW
Content-Disposition: form-data; name="param"

post
----WebKitFormBoundary7MA4YWxkTrZu0gW

GET request example

# Method URL Version  (request line)
GET /httpLearn/getRequest?param=123 HTTP/1.1
# Request headers
Host: 127.0.0.1:8080
User-Agent: apifox/1.0.0 (https://www.apifox.cn)

GET vs POST

Function : GET retrieves data; POST creates or modifies data on the server.

REST semantics : GET is idempotent; POST is not.

Parameter location : GET parameters appear in the URL; POST parameters reside in the request body.

Security : POST hides parameters in the body, making them less exposed than GET.

Size limits : GET is limited by URL length; POST has no practical size limit.

HTTP response structure

An HTTP response includes a status line, response headers, and an optional response body.

Response code categories

1xx (Informational) : Server received the request and needs further action.

2xx (Success) : Request was successfully processed.

3xx (Redirection) : Additional action required to complete the request.

4xx (Client Error) : The request contains syntax errors or cannot be fulfilled.

5xx (Server Error) : The server failed to fulfill a valid request.

Response example

# Status line
HTTP/1.1 200 OK
# Response headers
Content-Type: text/plain;charset=UTF-8
Content-Length: 31
Date: Wed, 19 Jan 2022 11:37:00 GMT
Keep-Alive: timeout=60
Connection: keep-alive

# Response body
post request is ok, param = post

Full HTTP request lifecycle

When you type www.baidu.com into a browser and press Enter, the following steps occur:

Domain name resolution via browser cache, OS cache, hosts file, router cache, and recursive DNS lookup.

TCP three‑way handshake to establish a connection.

The browser sends an HTTP request.

The request traverses routers and firewalls to reach the server.

The server processes the request and returns an HTML document.

The browser parses and renders the HTML.

The server closes the TCP connection with a four‑way handshake.

HTTPS overview

HTTPS runs over TCP like HTTP but adds encryption via SSL/TLS, providing confidentiality, integrity, and authentication.

How HTTPS works

Client initiates a connection to the server on port 443.

Server presents a digital certificate (self‑signed or from a trusted CA).

Client validates the certificate’s issuer, expiration, and integrity.

Client generates a random value (pre‑master secret) and encrypts it with the server’s public key.

Server decrypts the pre‑master secret with its private key.

Both parties derive a symmetric session key from the pre‑master secret.

Subsequent data exchange is encrypted with the symmetric key.

HTTPS advantages and drawbacks

Advantages : Protects against eavesdropping, impersonation, and tampering.

Drawbacks : Additional handshake steps increase latency (≈ 50 % longer page load), consume more CPU and memory, and require certificate management.

Key differences between HTTP and HTTPS

Port : HTTP uses port 80; HTTPS uses port 443.

Resource consumption : HTTPS incurs extra CPU and memory overhead due to encryption/decryption.

Certificate cost : HTTPS requires a valid certificate, which may involve purchase from a Certificate Authority.