Understanding HTTP & HTTPS: Methods, Requests, Responses, and Security

HTTP (Hyper Text Transfer Protocol) is a simple request‑response protocol built on TCP, defining how clients send messages to servers and receive responses.

It is stateless, meaning each request is independent, which keeps the protocol simple and efficient.

HTTP Request Structure

An HTTP request consists of a request line, request headers, and an optional request body.

Common HTTP Methods

GET

: Retrieve resources identified by a URI, parameters passed in the URL. POST: Send data to the server, typically used for creating or updating resources. PUT: Upload a file, storing its content at the specified URI. HEAD: Like GET but returns only headers, useful for checking resource validity. DELETE: Remove the resource at the given URI. OPTIONS: Query the supported methods for a URI.

POST request example

# Method URL Version  请求行
POST /httpLearn/postRequest HTTP/1.1
# Request Header
Host: 127.0.0.1:8080
User-Agent: apifox/1.0.0 (https://www.apifox.cn)
Content-Length: 126
Content-Type: multipart/form-data; boundary=----WebKitFormBoundary7MA4YWxkTrZu0gW

# Request Message
----WebKitFormBoundary7MA4YWxkTrZu0gW
Content-Disposition: form-data; name="param"

post
----WebKitFormBoundary7MA4YWxkTrZu0gW

GET request example

GET requests have no request body.

# Method URL Version  请求行
GET /httpLearn/getRequest?param=123 HTTP/1.1
# Request Header
Host: 127.0.0.1:8080
User-Agent: apifox/1.0.0 (https://www.apifox.cn)

Differences Between GET and POST

Function: GET retrieves resources; POST updates or creates resources.

Idempotence: GET is idempotent; POST is not.

Parameter placement: GET parameters appear in the URL; POST parameters are in the request body.

Security: POST hides parameters in the body, offering better confidentiality.

Size limits: GET is limited by URL length; POST has no practical size limit.

HTTP Response Structure

An HTTP response consists of a status line, response headers, and a response body.

Response Code Categories

1xx – Informational

2xx – Success

3xx – Redirection

4xx – Client error

5xx – Server error

Response example

# Version  Response Code  状态行
HTTP/1.1 200 OK
# Response Header
Content-Type:text/plain;charset=UTF-8
Content-Length:31
Date:Wed, 19 Jan 2022 11:37:00 GMT
Keep-Alive:timeout=60
Connection:keep-alive

# Response Message
post request is ok,param = post

Complete HTTP Request Flow

When entering www.baidu.com in a browser, the following steps occur:

Domain name resolution via browser cache, OS cache, hosts file, router cache, and recursive DNS lookup.

TCP three‑way handshake to establish a connection.

Browser sends an HTTP request.

Request traverses routers and firewalls to reach the server.

Server processes the request and returns an HTML document.

Browser parses and renders the HTML.

Server closes the TCP connection with a four‑way handshake.

HTTPS Overview

HTTPS runs over TCP like HTTP but adds SSL/TLS encryption, providing confidentiality, integrity, and authentication.

HTTPS Workflow

Client initiates an HTTPS request to the server’s port 443.

Server presents a digital certificate containing a public key.

Client validates the certificate (issuer, expiration, etc.).

Client generates a random value and encrypts it with the server’s public key.

Encrypted random value is sent to the server.

Server decrypts it with its private key and uses the value to derive a symmetric session key.

Both sides encrypt subsequent traffic with the symmetric key.

Client decrypts the server’s messages using the same session key.

HTTPS Drawbacks

Additional handshake steps increase page load time by about 50%.

Connection caching is less efficient, adding bandwidth and power overhead.

SSL/TLS cryptographic operations consume significant CPU resources.