What are HTTP, HTTPS, and HTTP/2/3?

Behind every website on your screen is a constant, complex back-and-forth exchange between your browser and a website's server. Each time you interact with a website–including when you first open it– your client (browser) sends an HTTP request to the server, which in turn sends back an HTTP response. When you click on something, the same exchange happens.

In this post, we will discuss HTTP and why it is vital to the Internet as a whole, to all online data exchange, and to how it powers our websites. We will also compare it to its two new versions (HTTP/2 and HTTP/3) and the secure layer (HTTPS).

This post includes:

• What is HTTP?
• What is HTTPS?
• What are HTTP/2 and HTTP/3?

What is HTTP?

HTTP stands for Hypertext Transfer Protocol (the newest version is HTTP 1.1), which facilitates retrieving resources from a server.

When you open FastComet.com, your browser sends an HTTP request to our server. That request contains specific encoded data that, as the name suggests, request a particular resource from the server. The server knows which resource your browser looks for by the URL within the request. If it exists, the server sends it back as an HTTP response.

That is the super simple explanation of HTTP. Still, it perfectly portrays its role online: it enables clients and servers to exchange data, a fundamental part of the Internet. This exchange happens whenever you open a website or click on anything. Whenever a new resource is needed, the browser asks for it, and the server delivers it if it is available. Let us take a look at precisely what each request and response contains!

• HTTP Request - This is what your client (web browser) sends to the website's server. It contains:
  • HTTP Method - This specifies the action the client wants to perform (more about Methods below);
  • URL - Next, the request has the resource location that it is trying to access;
  • Headers - Additional information such as browser type, preferred language, and cookies are specified here;
  • Body - Finally, this is an optional section that contains data to be sent to the server when such an action is required;
• HTTP Response - When the server receives your browser's HTTP request, it comes back with an HTTP response that typically contains:
  • Status Code - Have you ever seen the status code 404 Not Found? Then you already know what status codes are! The code the server returns within its response shows what happened with the request. As the user, you rarely see the actual code itself on your screen since, most of the time, the browser processes it in the background. The two most common ones are 200 OK and 404 Not Found. The former is returned when the server found the resource and the latter when it did not;
  • Headers - Like the headers in the request, these contain metadata such as content type (text, HTML, etc.) or caching instructions;
  • Body - If the request was successful, the body has the content the request requested. It could be an HTML page, an image, etc.

After this data exchange is done, the client renders what it received, and you see a website. When you click on something, the process repeats, then again and again each time you request a new resource or, in other words, browse the website.

Earlier, we mentioned HTTP methods. These methods indicate what action the client wants the server to perform. There are far too many methods for us to name them all, but these are the most commonly used.

• GET - Retrieves data from the server. This is the most frequently used method to request web pages;
• POST - Sends data to the server, often used for submitting forms or uploading files;
• PUT - Replaces all current representations of a resource with a newer version. For example, if you have a document online and you upload a new version of it, the PUT method will overwrite the old one with the newer one;
• DELETE - Removes the specified resource;
• HEAD - Similar to GET, but only retrieves the headers, not the actual body of the response;
• OPTIONS - Describes the communication options for the target resource;

These methods drive the interaction between the browser and the server. As their descriptions show, different things happen depending on the one used.

Finally, HTTP (specifically version 1.1) has a few limitations that are important to note as they are vital to its function.

• Stateless - HTTP 1.1 is stateless, which means it does not remember previous interactions. In other words, if you logged into an account on a website that uses only HTTP 1.1 and no additional measures for session management, you would have to log in again the next time you open the website. It relies on external solutions for session management, like cookies and token-based authentication;
• Performance - HTTP 1.1 handles requests sequentially. That means each resource it requests from a server happens over a separate request-response cycle. This forces the server to handle one request at a time and serves as a performance bottleneck. That can be a big inconvenience when it comes to complex pages with a lot of resources on them (HTML, CSS, JavaScript, images, etc.) since the browser must wait for each response before making a new one;
• Text-based - HTTP 1.1 is also entirely text-based, meaning requests and responses are transmitted over plain text without encryption.

Despite these limitations, HTTP 1.1 is a fundamental stepping stone. It is the communication backbone of the Internet. And as with all other things on the Internet, it has received improvements over the years! The first one is its secure version!

What is HTTPS?

HTTPS is the first evolution of HTTP. As the name implies, it is the secure version of HTTP. It is used to transmit data between your browser and a server safely. Before HTTPS, all data was transmitted solely via HTTP, so it was in human-readable form. Anyone who intercepts it could read and potentially abuse it.

Nowadays, HTTPS has become an irreplaceable part of online communications, ensuring security and privacy on the web. Through HTTPS, sensitive details such as passwords, payment details, or any other personal data are encrypted, so even if they do get intercepted, they are unusable without the corresponding key to decrypt them. We do not need to tell you how important such security and privacy are—so much so that any modern browser will instantly alert you if the website you are visiting uses only HTTP and is not secured.

HTTPS works by using an encryption protocol called TLS to secure data transmissions. This protocol is called TLS; you can read about it in our article here. To sum up, for a website to be able to use HTTPS, it needs an SSL (TLS) certificate. That allows your browser and the website you are connecting to to establish the so-called TLS handshake, ensuring a secure connection. It is a multi-step process that happens in the blink of an eye and is facilitated by two components: a private and a public key.

• Public Key - This key is available to every browser interacting with the server the website with the certificate is on. It is used to encrypt data that only the corresponding private key can decrypt;
• Private Key - This key is private and only known to the web server hosting the website with the certificate. It is used to decrypt information encrypted by the public key.

It is important to mention that HTTPS is not a replacement for HTTP. While they work on two separate ports (443 and 80, respectively), HTTPS is not a separate protocol. You can think of HTTP as the foundational performance protocol, while HTTPS is the security layer on top. Data transmission is still facilitated by HTTP (regardless of the specific version) but is now also secured by SSL/TLS encryption. That combination of HTTP and SSL/TLS encryption is HTTPS.

Encryption is vital in the online world. No matter what website you run, you must ensure you have an SSL certificate installed. This has twofold benefits.

• Security - HTTPS encrypts data sent between websites and browsers, which means that even if intercepted, the data will be useless without the private key. That is imperative, especially if your website handles sensitive data such as credit card details or personal information;
• SEO - Search engines absolutely love and demand encryption on websites. Without it, your website will appear "Not Secure" and suffer from worse SEO. That can severely impact visitor trust in a website to the point that they simply click away.

Finally, it is very easy to tell whether a website uses HTTPS. Depending on your browser, the website will have https://, a padlock, or both in front of it. Here are examples from Chrome, Firefox, Opera, and Edge.

What are HTTP/2 and HTTP/3?

In this final section of our tutorial about HTTP, we will explain the newer versions of HTTP and how they have improved the protocol.

HTTP/2 was released in 2015 and is still widely used across the Internet. The newest version of the protocol, HTTP/3, was released in 2022. Both versions introduce optimizations and improvements that make browsing websites online much faster and more efficient.

HTTP/2 and HTTP/3 are both available for most modern browsers and web servers, with very few still unable to support them. Additionally, the protocols are backward-compatible, so if your web browser or server cannot offer HTTP/3, you can always fall back on version 2 or even 1.1. At FastComet all our services support HTTP/2 and our Extra Shared Hosting plan is compatible with HTTP/3.

HTTP/2

HTTP/2 is the first major upgrade from HTTP/1.1. It addresses a significant issue the 1.1 version has with modern and complex websites and also improves the overall speed and efficiency of the data transfer.

As it is still an HTTP protocol, HTTP/2 builds on top of the existing infrastructure without removing any of the known and well-documented features, making it wholly seamless to use. Here are the key improvements this version makes over 1.1.

• Multiplexing - In HTTP/1.1, requests and responses had to be handled sequentially over a single connection, which created a bottleneck. Multiplexing in HTTP/2 allows multiple requests and responses to be sent simultaneously over a single connection. This eliminates the need for multiple connections and avoids the bottleneck;
• Header Compression - The new version also introduces HPACK compression to reduce the size of headers that are sent with each request. Since many headers are often repeated (e.g., cookies, user-agent info), this compression drastically reduces the amount of data being transferred;
• Server Push - This improvement allows servers to "push" resources (like images, CSS files, etc.) to the browser before it even requests them. That speeds up page load times by anticipating what the browser will need and sending it proactively;
• Weighted Prioritization - Finally, HTTP/2 allows browsers to prioritize certain requests over others. For example, a browser might prioritize loading CSS files over images to ensure that a website's layout is ready before visuals are fully loaded.

HTTP/2 is a gigantic leap forward, and it shows. Each of those optimizations and features has made browsing the Internet a much snappier, faster, and more efficient ordeal than it was before. The mere fact that multiplexing exists has taken a huge load off servers after the advent of complex websites with multiple resources that need to load at once. HTTP/3 makes it even better!

HTTP/3

The latest upgrade to the HTTP protocol, HTTP/3, builds on the improvements made by the previous version while also using the upgraded QUIC protocol for increased performance. QUIC (built on UDP) is a new transport layer protocol designed to make HTTP/3 not only fast but also reliable.

Here are the most important features of HTTP/3.

• QUIC - Instead of TCP, HTTP/3 uses QUIC to transport data. It is built on UDP, which is a simpler and faster protocol than TCP. The most standout feature that QUIC brings is the ability to preserve a connection between network changes (when switching from Wi-Fi to mobile data, for example);
• No Bottleneck - TCP, used by HTTP/1.1 and HTTP/2, suffers from potential bottlenecks at the transport layer. If one packet is lost, the entire connection stalls until that packet is retransmitted. QUIC eliminates this problem by allowing independent streams of data to be transmitted. If a packet is lost, only that particular stream is affected, while others continue without delay;
• Faster Handshake - HTTP/3 improves connection setup with a faster TLS handshake. It allows clients to start transferring data immediately when reconnecting to a server. That drastically reduces latency, particularly for repeat visits to a site;
• Built-in Encryption - Unlike HTTP/1.1 or HTTP/2, where encryption (via TLS) is layered on top of TCP, QUIC has encryption built in by default. That means every HTTP/3 connection is encrypted, improving security without adding extra overhead.

As you can see, HTTP/3 allows data to flow much more freely and efficiently between browser and server and makes unstable networks more reliable. It helps when switching networks or packet loss is expected to happen often.

HTTP/3 is the future of the Internet, and considering its benefits, we expect its adoption to skyrocket in the upcoming years. Until then, HTTP/2 is still perfectly reliable, fast, efficient, and suitable for handling modern-day websites with minimal effort.

You can see for yourself why HTTP is such a vital part of the Internet now, in all its iterations. Without it, we could not visit any website since data exchange would simply not exist! However, through it, we can access all our favorite websites quickly and easily.

Related articles

• What is UDP?
• Layers of the Internet
• What is a CMS?
• What are IP and TCP?