Understanding HTTP & HTTPS: Methods, Requests, Responses, and Security Basics

What Is HTTP?

Hyper Text Transfer Protocol (HTTP) is a simple request‑response protocol built on TCP. It defines the messages a client can send to a server and the responses it receives. HTTP is stateless, meaning it does not retain any session information between requests.

HTTP Request Structure

An HTTP request consists of a request line, request headers, and an optional request body.

Common HTTP Methods

GET

: Retrieve a resource identified by a URI; parameters are passed in the URL. POST: Send data to the server, typically used for form submissions. PUT: Upload a file or replace the content at a specific URI. HEAD: Like GET but returns only the headers, useful for checking resource validity. DELETE: Remove the resource at the given URI. OPTIONS: Query the server for supported HTTP methods on a URI.

POST Request Example

# Method URL Version  请求行
POST /httpLearn/postRequest HTTP/1.1
# Request Header  请求头
Host: 127.0.0.1:8080
User-Agent: apifox/1.0.0 (https://www.apifox.cn)
Content-Length: 126
Content-Type: multipart/form-data; boundary=----WebKitFormBoundary7MA4YWxkTrZu0gW

# Request Message  请求体
----WebKitFormBoundary7MA4YWxkTrZu0gW
Content-Disposition: form-data; name="param"

post
----WebKitFormBoundary7MA4YWxkTrZu0gW

GET Request Example

GET requests do not contain a request body.

# Method URL Version  请求行
GET /httpLearn/getRequest?param=123 HTTP/1.1
# Request Header  请求头
Host: 127.0.0.1:8080
User-Agent: apifox/1.0.0 (https://www.apifox.cn)

GET vs POST

Function: GET retrieves resources; POST updates or creates resources.

REST semantics: GET is idempotent; POST is not.

Parameter location: GET parameters appear in the URL; POST parameters are placed in the request body.

Security: POST hides parameters from the URL, offering better confidentiality.

Size limits: GET is limited by URL length; POST has no practical size limit.

HTTP Response Structure

An HTTP response consists of a status line, response headers, and an optional response body.

Response Code Categories

1xx (Informational): Server has received the request and needs further action.

2xx (Success): The request was successfully received, understood, and accepted.

3xx (Redirection): Further action must be taken to complete the request.

4xx (Client Error): The request contains bad syntax or cannot be fulfilled.

5xx (Server Error): The server failed to fulfill a valid request.

Response Example

# Version  Response Code  状态行
HTTP/1.1 200 OK
# Response Header  响应头
Content-Type:text/plain;charset=UTF-8
Content-Length:31
Date:Wed, 19 Jan 2022 11:37:00 GMT
Keep-Alive:timeout=60
Connection:keep-alive

# Response Message  响应体
post request is ok,param = post

Full HTTP Transaction Steps

Domain name resolution to IP address via cache, hosts file, DNS hierarchy.

Establish a TCP connection (three‑way handshake).

Browser sends an HTTP request.

Request traverses routers and firewalls to reach the server.

Server processes the request and returns an HTML document.

Browser parses and renders the HTML.

Server closes the TCP connection (four‑way handshake).

What Is HTTPS?

HTTPS adds SSL/TLS encryption to HTTP, securing the communication channel. It uses a combination of symmetric (shared‑key) and asymmetric (public‑key) encryption. A digital certificate (public key) is presented by the server and verified by the client.

HTTPS Drawbacks

Multiple handshake steps increase page load time by up to 50%.

Connection caching is less efficient than HTTP, adding overhead and power consumption.

SSL/TLS cryptographic operations consume significant CPU resources.

Differences Between HTTP and HTTPS

Port: HTTP uses port 80; HTTPS uses port 443.

Resource consumption: HTTPS requires additional CPU and memory for encryption.

Cost: HTTPS needs a certificate, typically purchased from a trusted CA.

HTTPS Handshake Process

Client initiates an HTTPS request to the server’s 443 port.

Server presents its digital certificate (public key).

Client validates the certificate (issuer, expiration, etc.).

If valid, the client generates a random value and encrypts it with the server’s public key.

Encrypted random value is sent to the server.

Server decrypts the value with its private key and uses it for symmetric encryption.

Both sides exchange data encrypted with the shared symmetric key.

Client decrypts the server’s messages using the shared key.