top of page
  • Writer's pictureNexix Security Labs

Understanding Of Web Protocols - HTTP and HTTPS


HTTP vs. HTTPS: What are the differences?

Say it HTTP Protocol or hypertext transfer protocol, it is an entente that supports communication between web browsers and web servers. It’s an application layer protocol for collaborative information systems. In simpler language ‘Web Server’ is an HTTP server. The RFC states that the HTTP protocol generally takes place over a TCP connection, but the protocol itself is not dependent on a specific transport layer.

A brief overview regarding its functions goes like the following – Whenever the client submits an HTTP request message to the server, as a consequence the server returns a response message. This response message includes the requested content, HTML files, etc. in its message body. An HTTP session is a sequence of network request and response transactions. HTTP resources are identified and positioned on the network by Uniform Resource Locators (URLs), via Uniform Resource Identifiers (URI’s).

The very first version was HTTP v0.9 while presently the version commonly in use is HTTP/1.1 with added features like a keep-alive mechanism (connection is reusable for 1+ requests), and improvement in bandwidth optimization over HTTP/1.0. Apart from this it’s a stateless protocol i.e. it does not require retaining user information for multiple requests; however, some applications may use cookies for the same.

Now, how does it mentions and performs the desired action? HTTP does this by defining various methods. Some of them are below:

  • GET – requests a representation of a specified resource.

  • HEAD – asks for a response identical to GET without a response body.

  • POST – it requests the server accept the entity enclosed in the request as a new subordinate of the web resource identified by the URI.

  • PUT – it requests that the enclosed entity be stored under the supplied URI.

  • DELETE – deletes the specified resource.

  • TRACE – it echoes the received request.

  • OPTIONS – it returns the HTTP methods that the server supports for the specified URL.

  • CONNECT – it converts the request connection to a transparent TCP/TL tunnel.

  • PATCH – it applies partial modifications to a resource.

Methods comprising of GET, HEAD, OPTIONS, and TRACE are defined to be as safe. In an ease verb, they do not have side effects while POST, PUT, DELETE and PATCH may have some. Additionally, PUT and DELETE are also known as idempotent methods. That is there multiple requests create a similar effect as a single request. Also, the TRACE method is often utilized for cross-site tracing attacks.

Coming to the response message, it includes 4 parts –

  • A status line, consisting of the protocol version plus numeric status code and its associated textual phrase, with each element separated by SPECIAL Characters.

  • Response Header Fields, allows the server to pass additional information about the response which cannot be placed in the Status-Line. Overall it provides information about the server and further access to the resource identified by the Request – URL.

  • Then roll-ups an empty line.

  • And finally an optional message body.

To indicate whether a specific HTTP request has been completed, HTTP uses response status codes. Some of them are –

  • Informational Response (100 - 199)

  • Successful Response (200 - 299)

  • Redirection Response (300 - 399)

  • Client Error Response (400 - 499)

  • Server Error Response (500 - 599)

What and Why of HTTPS?

We know that, ‘Encryption’ is the method by which information is converted into a secret code that hides the information’s true meaning. Similarly, HTTPS establishes an encrypted HTTP connection. It’s an extension of HTTP, used for more secure communication over a computer network, and is widely used on the Internet. HTTPS does this by providing an SSL or TLS digital certificate to secure the communication between server and client. The communication is encrypted using Transport Layer security.

https Explain

It is especially important over insecure networks and networks that may be subject to fiddling. A larger number of public Wi-Fi access points, allow anyone on the same local network to packet sniff and notice the sensitive information if not protected by HTTPS. However, HTTPS can increase computational overhead as well as network overhead of the organization.

Comparable protocols besides HTTP and HTTPS are also present. For example, Gopher protocol for content delivery, SPDY protocol is a deprecated open-specification communication protocol developed principally by Google, and Gemini protocol which consents privacy-related features. Lastly, it could be affirmed that, these protocols can be considered as the spine of the Internet, they are the reason behind our unwrinkled and easy going browsing.

For more information visit us on:

To schedule an audit you can contact us on:

Your Security | Our Concern

Recent Posts

See All


bottom of page