HTTP Protocol

Understanding HTTP Protocol

HTTP Protocol (or, Hypertext Transfer Protocol) is a network protocol used for transferring files on the internet. It is a stateless protocol which can be used to send not just files but resources (like dynamically generated query results, output of CGI script and other data) also. HTTP resources are identified and located on the internet by Uniform resource Identifiers (or, URIs) or Uniform Resource Locators (or, URL).

HTTP Protocol

HTTP/1.1 the current version of HTTP is a revision to the original HTTP. HTTP/1.1 allows content streaming on persistent connections. HTTP pipelining reduces lag time, allows multiple requests from clients and services the requests accordingly.

A Brief Definition

According to World Wide Web Consortium RFC, Hypertext Transfer Protocol (HTTP) is an application-level protocol for distributed, collaborative, hypermedia information systems.

HTTP Session

HTTP facilitates communication between various types of hosts and clients from a complex set of mixed network configurations. Communication between host and client occur via request/response. The client sends a HTTP Request message which is served by HTTP Response.

HTTP Protocol Session

The web browser is the HTTP Client as it sends requests to the HTTP Server (or web server), which then responds back to the browser with the required resource.

A HTTP client before making a request establishes a Transmission Control Protocol (or, TCP) connection to a particular port on a server (usually Port: 80 get used). The HTTP Server waits for the client message on the pre-defined port. The request is served by a status line and a message. The body of the message is returned as the requested resource, otherwise an error message or other information may also be returned.

HTTP Request Methods

A client uses a request method to send a request message to an HTTP Server. HTTP protocol specified request methods are as follows:

HTTP Protocol method

Status Codes

The first line of HTTP Response is called the status line. The status line includes a numeric status code and a reason phrase. The status code helps the clients to interpret response received from the server. Some of the most popular status codes starting with numbers 1,2,3,4 and 5 are listed below. The numbers 1,2,3,4 and 5 could be followed by other combinations represented by 'N'.

1NN: Informational Messages

Introduced in HTTP/1.1 this class of code are provisional.

2NN: Successful

This code informs a client that the request was successfully processed.

  • 200 OK: Most common code sent across for every successful HTTP Interaction.
  • 202 Accepted: The request was accepted but may not include a message body.
  • 204 No content: No message body in the response.
  • 205 Reset Content: Client indicated to reset the document view
  • 206 Partial Content: Indicates to the client that the response contains partial contents.

3NN: Redirection

It informs the client to take additional actions. Some of the codes are:

  • 301 Moved Permanently: The resource is located on a new URL.
  • 302 Moved Temporarily: The resource temporarily is located on a new URL.
  • 303 See Other: The resource is shifted to a new location temporarily.
  • 304 Not Modified: Clients entity tag is compared with the server computed entity tag to check for any modifications. If the resource is unchanged then the client should use its cached copy.

4NN: Client Error

These codes are used by the server when it thinks there is a fault due to invalid resource requests or bad requests. Some of the codes are:

  • 400 Bad Request: A malformed request.
  • 401 Unauthorized: The request requires authentication.
  • 403 Forbidden: Server has denied access to the resource.
  • 404 Not Found: Server cannot retrieve the page that was requested.
  • 405 Method Not Allowed: Server does not support the method invoked.
  • 409 Conflict: Request serving by the server is incomplete due to resource modification by the client..

5NN: Server Error

These codes are used when the server fails to process a request. Some of them are:

  • 501 Not Implemented: The server is unable to support the requested functionality.
  • 503 Service Unavailable: It appears if the server becomes overloaded or any internal system on the server has failed.

Request/ Response Message Formats

According to HTTP specifications, the request or response message has a specific structure. The generic structure looks like:

HTTP Protocol Messages

New lines must be placed between message HTTP headers and body. There can be one or more HTTP headers like:

  • General Headers
  • Request Specific Headers
  • Response Specific Headers
  • Entity Headers

General Headers

Few headers are shared by both request and response messages.

HTTP Protocol Headers
Entity Headers

Entity headers provide meta-information about message body. The header looks like:

HTTP Protocol Headers

Although HTTP supports custom header it only looks for Request and Response header. Their formats are described in the following section.

Request Format

The request message has a generic structure. The request line differs only and looks like the following:

HTTP Protocol Request

A typical request message looks like

HTTP Protocol GET Message
Response Format

The response format structure is similar to request message. The status line and the headers are only different from request message. The status line structure is as follows:

HTTP Protocol Response

A status line for a successful message looks like:

HTTP Protocol Status Code

The full set response headers looks like

HTTP Protocol Response Headers

HTTP Debugger is an advanced HTTP Protocol Analyzer for developers and provides all in depth information for debugging websites and Internet applications.

HTTP Debugger is a proxy-less HTTP sniffer for developers that provides the ability to capture and analyze HTTP headers, cookies, POST params, HTTP content and CORS headers from any browser or desktop application. Very easy to use, with clean UI, and short ramp-up time.
Download FREE 7-Day Trial

HTTP Debugger Pro

  • See all in/out HTTP traffic, HTTP headers, cookies, POST params, HTTP content
  • Isolate and fix performance bottlenecks, detect and eliminate security issues
  • Very easy of use, clean UI, and short ramp-up time. Not a proxy, no network issues!
Download Free Trial