What, Why, and How about HTTP and HTTPS for beginners?

When I was in Class 8, I learned about the basics of HTML. But due to the unavailability of resources. I am unable to fire my curiosity to know more about a website and how it gets delivered from server to web browser.

Just saw a Quote that is

“It’s never too late, to start something”.

So Let’s Start to understand HTTP and HTTPS.

I will follow Feynman's Technique to understand you.

What are HTTP and HTTPS?

HTTP(Hypertext Transfer Protocol) and HTTPS(Hypertext Transfer Protocol Secure) are protocols that enable communication between client and server over the Internet. Both protocols are used to transfer data from web servers to web browsers, however, HTTPS is much more secure than HTTP because it uses SSL (Secure Sockets Layer) to transfer data.

Why and How about HTTP and HTTPS?

HTTP is an application-level protocol for distributed, collaborative, hypermedia information systems. It is a foundation of data communication for the World wide web.HTTP is used to transfer webpages from server to browser as well as to transfer images, scripts, style sheets, audio and video files, and other necessary files within webpages.

HTTPS is the secure version of HTTP, which is used to transfer data securely over the Internet.HTTPS uses SSL to encrypt the data before it is transmitted and is therefore much more secure than HTTP. SSL creates an encrypted connection between the browser and the web server, which prevents unauthorized access to the data being transferred.

In conclusion, HTTP and HTTPS are both protocols used to transfer data over the Internet, but HTTPS is much more secure than HTTP because it uses SSL to encrypt the data.HTTPS is used for websites that require secure transactions, such as online banking and e-commerce websites.

From Diagram:-

How HTTP exists at the Application layer From OSI Model

Those who understand Hindi can Memorise this line:

“Aaj Phir se Test nhi dena phir”. Those who do not understand Ignore. Let’s move forward.

Let’s Discuss a few most important features of HTTP.

1. HTTP is connectionless: When the request is made, The client gets disconnected from the server, then when the response is ready the server re-establish the connection again and delivers the response.
2. HTTP is stateless: The client and the server know about each other just during the current request, if it closes, and the two computers want to connect again, they need to provide information to each other, and the connection is handled first.

Let’s fall in deep dive in to HOW?

An HTTP message (either a request or a response) contains multiple parts:

• start line
• headers
• body

HTTP handles two types of methods.

1. request
2. response

First one is request

1.Request

GET /players/lebron-james HTTP/1.1

GET is method here.

URI :- Uniform resource identifier. e.g:-players/lebron-james

• URI is a set of readable characters.
• and a way to locate the resources.

HTTP Version is HTTP/1.1.

Header:-Specifies some information and the rules e.g:- server.

This should not nothing hard to understand.

2.Response

HTTP/1.1 200 OK
Content-Type: application/json
Cache-Control: private, max-age=3600

{"name": "Lebron James", "birthplace": "Akron, Ohio", ...}

you think now what is written.

Here,It is written in first Line Status Code.

So Status Code tells the client about the request it is succeded or failed.

e.g.-200,ok,404 not found;

Few status code to get error when

100–199->info

200–299->success->202

300–398->redirect->temp

400–499->client error ->bad syntax

500–599->server error->failed in valid request.

Now let’s understand what is the meaning of S in HTTPS, so simply it is secure which means the content traveling between to the browser is encrypted so that no one can penetrate or steal the traveling between the server and the browser.

This security is much needed while doing online payment and logging into some websites.

Now we dig a bit deeper into this security protocol basically we are gonna to go to understand about the encryption.

So have you think who provides this encryption.

The encryption is acheived by SSL/TLS certificate which is provided by a third party CA(certification authority) like Godaddy,cloud flare,sectigo etc. to the website. An SSL Ceritificate stays inside our browser which is used for matching and verifying the approved certificate .

check out browser SSL by clicking

Now let’s understand SSL/TLS

Te complete form of SSL is a secure socket layer and TLS is Transport layer security which is of 2 Type.

SSL Encryption

1. ASymmetric
2. Symmetric

Asymmetric

In Asymmetric encryption ,encryption happens with the browser’s public key but declaration happens with the server’s private key.This kind of encryption is acheived by two types of keys that’s why it is known as an asymmetric method.

(Refer to the video to understand encryption key)

Symmetric

In symmetric encryption, both encryption & decryption occurs with the same key, that’s why this method is known as a symmetric method. for understanding encryption key exchange refer to this video

While SSL encryption, both symmetric and asymmetric method works combine to give more security.

This is my first article .Any feedback is accepted respectfully.

To know more about this and want to clarify your confusion,

Feel free to as in the Comment box.

Thanks to my mentor Ankit Kumar for sharing guidance.