HTTP: Hypertext Transfer Protocol

The foundation of data communication on the World Wide Web. Every web page, API call, and file download uses HTTP.

Type: Application Layer
Port: 80
Current Version: HTTP/3
Standard: RFC 9110

What is HTTP?

HTTP (Hypertext Transfer Protocol) is the protocol that powers the World Wide Web. Created by Tim Berners-Lee at CERN in 1991, it defines how messages are formatted and transmitted between web browsers and servers.

HTTP is a stateless, text-based protocol that operates at the application layer of the networking stack. Each request from a client is independent. The server does not retain any memory of previous requests.

Originally built on top of TCP for reliable delivery, HTTP/3 now uses QUIC as its transport layer for improved performance. Every web page you visit, every API call your app makes, and every image your browser loads relies on HTTP.

How HTTP Requests and Responses Work

HTTP follows a simple client-server model. A client (usually a web browser) sends an HTTP request to a server, and the server sends back an HTTP response. This request-response cycle is the foundation of every interaction on the web.

Every web page load, API call, image fetch, and file download uses this pattern. The client identifies the resource it wants using a URL (Uniform Resource Locator), and the server responds with the requested data and a status code indicating success or failure.

HTTP is stateless by design, meaning each request is completely independent. The server treats every request as if it has never seen the client before. To maintain state across requests (like keeping a user logged in), web applications use cookies, session tokens, or JWTs layered on top of HTTP.

Browser (Client) → Web Server (Server): HTTP Request

    GET /index.html HTTP/1.1
    Host: example.com
    Accept: text/html

Web Server (Server) → Browser (Client): HTTP Response

    HTTP/1.1 200 OK
    Content-Type: text/html

    <html>...</html>

HTTP follows a simple request-response model.

HTTP Request Methods: GET, POST, PUT, PATCH, DELETE

HTTP defines a set of request methods that indicate the desired action to perform on a resource. Each method has specific semantics that servers and clients agree on.

GET retrieves data without side effects. POST submits data to create a new resource. PUT replaces an entire resource. PATCH applies a partial update. DELETE removes a resource.

Methods are classified by two important properties. Safe methods (GET, HEAD, OPTIONS) do not modify data on the server. They are read-only. Idempotent methods (GET, PUT, DELETE) produce the same result no matter how many times you repeat them, which is critical for retry logic and reliability.

HTTP Methods

Method   Action           Safety   Idempotency
GET      Read data        Safe     Idempotent
POST     Create data      Unsafe   Not Idempotent
PUT      Replace data     Unsafe   Idempotent
PATCH    Update partial   Unsafe   Not Idempotent
DELETE   Remove data      Unsafe   Idempotent

Safe: does not modify data. Idempotent: same result if repeated.

HTTP methods and their safety and idempotency properties.
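
Why idempotency matters for retry logic, as an added example (not code from the original page): a client whose response was lost cannot tell whether the server already applied the request, so it may only repeat methods whose repetition leaves the same result. FlakyServer, send_with_retry and blind_retry are hypothetical names, and the server is a constructed in-memory stand-in that processes each request but drops its first reply.

```python
import itertools

# Per the table above, plus HEAD and OPTIONS: safe methods are also idempotent.
IDEMPOTENT = {"GET", "HEAD", "OPTIONS", "PUT", "DELETE"}

class FlakyServer:
    """Constructed stand-in: applies every request, then loses the first reply."""
    def __init__(self):
        self.resources = {}
        self._ids = itertools.count(1)
        self._drop_next = True

    def handle(self, method, path, body=None):
        if method == "POST":        # create a new resource under a fresh id
            self.resources[f"{path}/{next(self._ids)}"] = body
        elif method == "PUT":       # replace the whole resource at this path
            self.resources[path] = body
        elif method == "DELETE":
            self.resources.pop(path, None)
        if self._drop_next:         # the side effect happened, the reply did not arrive
            self._drop_next = False
            raise ConnectionError("response lost")
        return 200

def send_with_retry(server, method, path, body=None, attempts=3):
    """Retry a lost response only when repeating the method cannot change the outcome."""
    for attempt in range(1, attempts + 1):
        try:
            return server.handle(method, path, body)
        except ConnectionError:
            if method.upper() not in IDEMPOTENT or attempt == attempts:
                raise               # the request may already have been applied

def blind_retry(server, method, path, body=None, attempts=3):
    """For contrast: retries every method, including non-idempotent ones."""
    for _ in range(attempts):
        try:
            return server.handle(method, path, body)
        except ConnectionError:
            continue
    raise ConnectionError("gave up")
```

With blind_retry, a single POST whose reply is lost leaves two resources on the server; send_with_retry surfaces the error instead, so the caller can check whether the first attempt was applied.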

HTTP Status Codes: 1xx Through 5xx

Every HTTP response includes a three-digit status code that tells the client what happened. Status codes are grouped into five categories by their first digit.

Range   Category        Common Examples
1xx     Informational   100 Continue, 101 Switching Protocols
2xx     Success         200 OK, 201 Created, 204 No Content
3xx     Redirection     301 Moved Permanently, 302 Found, 304 Not Modified
4xx     Client Error    400 Bad Request, 401 Unauthorized, 403 Forbidden, 404 Not Found
5xx     Server Error    500 Internal Server Error, 502 Bad Gateway, 503 Service Unavailable

HTTP Headers Explained

HTTP headers carry metadata about the request or response. They are key-value pairs sent before the message body and control everything from content negotiation to caching behavior.

Common request headers include Host (which server to contact), Accept (what content types the client wants), Authorization (credentials), User-Agent (the client software), and Content-Type (format of the request body).

Common response headers include Content-Type (format of the response body), Cache-Control (caching rules), Set-Cookie (store data on the client), and Location (redirect target).

Custom headers historically used an X- prefix (like X-Request-ID). This convention is now deprecated by RFC 6648 but remains extremely common in practice.
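
The request format and header rules described above, as an added example (not code from the original page): a strict parser for an HTTP/1.x request that rejects messages a server should answer with 400 Bad Request. parse_request and BadRequest are hypothetical names; the sample is the request from the request-response diagram earlier on this page.

```python
# Constructed sample: the request shown in the diagram, with CRLF line endings.
REQUEST = b"GET /index.html HTTP/1.1\r\nHost: example.com\r\nAccept: text/html\r\n\r\n"

class BadRequest(ValueError):
    """A message a server should answer with 400 Bad Request."""

def parse_request(raw):
    """Split a raw HTTP/1.x request into method, target, version, headers, body."""
    head, sep, body = raw.partition(b"\r\n\r\n")   # an empty line ends the headers
    if not sep:
        raise BadRequest("header section is not terminated by an empty line")
    try:
        lines = head.decode("ascii").split("\r\n")
    except UnicodeDecodeError:
        raise BadRequest("non-ASCII bytes in request line or headers") from None
    parts = lines[0].split(" ")
    if len(parts) != 3 or not parts[2].startswith("HTTP/"):
        raise BadRequest("request line must be: METHOD target HTTP/version")
    method, target, version = parts
    headers = {}
    for line in lines[1:]:
        name, colon, value = line.partition(":")
        # The name must be followed directly by the colon, with no whitespace.
        if not colon or not name or any(c.isspace() for c in name):
            raise BadRequest(f"malformed header line: {line!r}")
        key = name.lower()                         # header names are case-insensitive
        if key == "host" and key in headers:
            raise BadRequest("more than one Host header")
        headers.setdefault(key, []).append(value.strip())
    if version == "HTTP/1.1" and "host" not in headers:
        raise BadRequest("HTTP/1.1 requests must carry a Host header")
    return {"method": method, "target": target, "version": version,
            "headers": headers, "body": body}
```

Rejecting ambiguous input outright, rather than guessing what the sender meant, keeps every component that handles the request in agreement about where it is going and what it contains.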

HTTP Version History: HTTP/1.0 to HTTP/3

HTTP has evolved significantly since its creation, with each version addressing performance limitations of the previous one.

HTTP/1.0 (1996)

The first standardized version. Each request required opening a new TCP connection, making pages with many resources painfully slow.

HTTP/1.1 (1997)

Introduced keep-alive connections (reuse TCP connections), chunked transfer encoding, and the required Host header enabling virtual hosting. Still the most widely deployed version.

HTTP/2 (2015)

A major leap forward. Multiplexing allows multiple requests over a single connection simultaneously. Binary framing replaces text parsing. Header compression (HPACK) reduces overhead. Server push lets servers proactively send resources.

HTTP/3 (2022)

Replaces TCP with QUIC, a UDP-based transport. Faster connection setup (0-RTT resumption), better handling of packet loss, and improved mobile performance when switching networks. The future of the web.

Common Use Cases for HTTP

  • Web browsing: loading pages, images, scripts, and stylesheets
  • REST APIs: communication between frontends and backends
  • Microservice communication: service-to-service calls within a cluster
  • Webhooks: server-to-server event notifications
  • File downloads: retrieving documents, media, and software

Frequently Asked Questions About HTTP

Is HTTP secure?

No. HTTP sends all data in plaintext, which means anyone on the network path between client and server can read the contents. Use HTTPS for encrypted, secure communication.

What is the difference between HTTP GET and POST?

GET retrieves data from the server and includes parameters in the URL. POST sends data to the server in the request body, typically to create or submit something. GET is safe and idempotent; POST is neither.

Why is HTTP a stateless protocol?

Statelessness simplifies the protocol and improves scalability. Any server can handle any request without needing shared memory. State is managed at the application level using cookies, session tokens, or JWTs.
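
State layered on top of stateless HTTP, as an added example (not code from the original page): the session state travels in a cookie signed with HMAC-SHA256, so any server holding the key can authenticate a request without shared memory. This is a simplified signed token, not a JWT implementation; the function names, the "session" cookie name and the "sub"/"exp" fields are assumptions made for the example.

```python
import base64, hashlib, hmac, json, time

def b64e(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64d(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def issue_token(key, user, ttl, now=None):
    """Pack the session state into the token itself and sign it."""
    now = time.time() if now is None else now
    payload = b64e(json.dumps({"sub": user, "exp": int(now) + ttl}).encode())
    sig = b64e(hmac.new(key, payload.encode(), hashlib.sha256).digest())
    return f"{payload}.{sig}"

def verify_token(key, token, now=None):
    """Return the user name, or None if the token is forged, altered or expired."""
    now = time.time() if now is None else now
    payload, dot, sig = token.partition(".")
    expected = b64e(hmac.new(key, payload.encode(), hashlib.sha256).digest())
    # Check the signature in constant time before parsing any of the payload.
    if not dot or not hmac.compare_digest(sig.encode(), expected.encode()):
        return None
    claims = json.loads(b64d(payload))
    return claims["sub"] if now < claims["exp"] else None

def handle_request(key, headers, now=None):
    """Authenticate from the Cookie header alone; the server keeps no session table."""
    pairs = (p.strip().split("=", 1) for p in headers.get("Cookie", "").split(";") if "=" in p)
    cookies = dict(pairs)
    return 200 if verify_token(key, cookies.get("session", ""), now) else 401
```

Over plain HTTP such a cookie is readable by anyone who can observe the traffic, so it only protects a session when the connection itself uses HTTPS.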

What port does HTTP use by default?

Port 80 by default, but HTTP can run on any port. Development servers commonly use ports like 3000, 5000, or 8080.

What is the difference between HTTP/2 and HTTP/3?

HTTP/2 runs on TCP and uses multiplexing to send multiple requests over one connection. HTTP/3 replaces TCP with QUIC (a UDP-based transport), which eliminates head-of-line blocking, provides faster connection setup with 0-RTT resumption, and handles network switching (like WiFi to cellular) more gracefully.

Related Protocols

  • HTTPS: HTTP with TLS encryption for secure communication
  • Modbus TCP: industrial protocol that also runs over TCP/IP
  • Modbus RTU: serial protocol for industrial automation