HTTP

HTTP is designed to permit intermediate network elements to improve or enable communications between clients and servers.

[21] In HTTP/1.1 instead a TCP connection can be reused to make multiple resource requests (i.e. of HTML pages, frames, images, scripts, stylesheets, etc.).

[22][23] HTTP/1.1 communications therefore experience less latency as the establishment of TCP connections presents considerable overhead, especially under high traffic conditions.

The term hypertext was coined by Ted Nelson in 1965 in the Xanadu Project, which was in turn inspired by Vannevar Bush's 1930s vision of the microfilm-based information retrieval and management "memex" system described in his 1945 essay "As We May Think".

Berners-Lee designed HTTP in order to help with the adoption of his other idea: the "WorldWideWeb" project, which was first proposed in 1989, now known as the World Wide Web.

In June 1999, RFC 2616 was released to include all improvements and updates based on previous (obsolete) HTTP/1.1 specifications.

A few proposals / drafts were produced for the new protocol to use multiplexing of HTTP transactions inside a single TCP/IP connection, but in 1999, the group stopped its activity passing the technical problems to IETF.

[35][36] In 2009, Google, a private company, announced that it had developed and tested a new HTTP binary protocol named SPDY.

In June 2014, the HTTP Working Group released an updated six-part HTTP/1.1 specification obsoleting RFC 2616:

HTTP is a stateless application-level protocol and it requires a reliable network transport connection to exchange data between client and server.

Upon receiving the request the server sends back an HTTP response message, which includes header(s) plus a body if it is required.

Another positive side effect is that, in general, the connection becomes faster with time due to TCP's slow-start-mechanism.

HTTP/1.1 added also HTTP pipelining in order to further reduce lag time when using persistent connections by allowing clients to send multiple requests before waiting for each response.

After many years of struggling with the problems introduced by enabling pipelining, this feature was first disabled and then removed from most browsers also because of the announced adoption of HTTP/2.

The HTTP Authentication specification also provides an arbitrary, implementation-specific construct for further dividing resources common to a given root URI.

The realm value string, if present, is combined with the canonical root URI to form the protection space component of the challenge.

A stateless protocol does not require the web server to retain information or status about each user for the duration of multiple requests.

[note 4] A client sends request messages to the server, which consist of:[47] In the HTTP/1.1 protocol, all header fields except Host: hostname are optional.

A request line containing only the path name is accepted by servers to maintain compatibility with HTTP clients before the HTTP/1.0 specification in RFC 1945.

However, the HTTP/1.1 specification[50] formally defined and added five new methods: PUT, DELETE, CONNECT, OPTIONS, and TRACE.

Safe methods can still have side effects not seen by the client, such as appending request information to a log file or charging an advertising account.

This is discouraged because of the problems which can occur when web caching, search engines, and other automated agents make unintended changes on the server.

[60] A properly coded website would require a DELETE or POST method for this action, which non-malicious bots would not make.

One example of this occurring in practice was during the short-lived Google Web Accelerator beta, which prefetched arbitrary URLs on the page a user was viewing, causing records to be automatically altered or deleted en masse.

A website might, for instance, set up a PUT endpoint to modify a user's recorded email address.

It is perfectly possible to write a web application in which (for example) a database insert or other non-idempotent action is triggered by a GET or other request.

To do so against recommendations, however, may result in undesirable consequences, if a user agent assumes that repeating the same request is safe when it is not.

The standard reason phrases are only recommendations, and can be replaced with "local equivalents" at the web developer's discretion.

"Content-Type" specifies the Internet media type of the data conveyed by the HTTP message, while "Content-Length" indicates its length in bytes.

Some old implementations of HTTP/1.0 omitted the header "Content-Length" when the length of the body entity was not known at the beginning of the response and so the transfer of data to client continued until server closed the socket.

An HTTP/1.1 request made using telnet. The request message, response header section, and response body are highlighted.