HTTP/S

HTTP (Hypertext Transfer Protocol)

HTTP is the foundation of communication on the web, enabling data exchange between a web browser (client) and a web server. It operates on port 80 and follows a stateless design, meaning it does not retain information from previous interactions. However, HTTP does not encrypt transmitted data, making it vulnerable to interception and cyber threats.

HTTPS (Hypertext Transfer Protocol Secure)

HTTPS is the secure version of HTTP, incorporating SSL/TLS (Secure Sockets Layer/Transport Layer Security) encryption to protect data exchanged between the client and server. It ensures confidentiality, integrity, and authentication, safeguarding against eavesdropping, data tampering, and impersonation. HTTPS operates on port 443, making it the preferred choice for secure web communication.

Structure of HTTP/HTTPS Protocol

Both HTTP and HTTPS follow a client-server model and operate at the application layer of the OSI model.

Request (From Client to Server)

A message sent by the client to request resources or perform actions on the server. It includes:

• Method (e.g., GET, POST) – Specifies the action to be performed.

• URL – Identifies the requested resource.

• Request Headers – Provide additional information like authentication details or content type.

Response (From Server to Client)

A message sent by the server containing the requested resource or the result of the request. It includes:

• Status Codes (e.g., 200 OK, 404 Not Found) – Indicate the outcome of the request.

• Response Headers – Contain metadata like content type and caching instructions.

• Body (Optional) – May include the requested data, such as a web page or API response.

Encryption (For HTTPS Only)

In HTTPS, data is encrypted using SSL/TLS during transmission. To ensure secure communication, the server must present a digital certificate issued by a trusted Certificate Authority (CA) for authentication.