This is an accepted version of this page
50-514: HTTP ( Hypertext Transfer Protocol ) is an application layer protocol in the Internet protocol suite model for distributed, collaborative, hypermedia information systems. HTTP is the foundation of data communication for the World Wide Web , where hypertext documents include hyperlinks to other resources that the user can easily access, for example by a mouse click or by tapping the screen in
100-429: A network bridge are also on the same link, whereas hosts on different sides of a network router are on different links. In IPv4 , the utility of link-local addresses is in zero-configuration networking when Dynamic Host Configuration Protocol (DHCP) services are not available and manual configuration by a network administrator is not desirable. The block 169.254.0.0 / 16 was allocated for this purpose. If
150-406: A web browser . Development of HTTP was initiated by Tim Berners-Lee at CERN in 1989 and summarized in a simple document describing the behavior of a client and a server using the first HTTP version, named 0.9. That version was subsequently developed, eventually becoming the public 1.0. Development of early HTTP Requests for Comments (RFCs) started a few years later in a coordinated effort by
200-438: A batch of RFCs was published, deprecating many of the previous documents and introducing a few minor changes and a refactoring of HTTP semantics description into a separate document. HTTP is a stateless application-level protocol and it requires a reliable network transport connection to exchange data between client and server. In HTTP implementations, TCP/IP connections are used using well-known ports (typically port 80 if
250-426: A client user interface called web browser . Berners-Lee designed HTTP in order to help with the adoption of his other idea: the "WorldWideWeb" project, which was first proposed in 1989, now known as the World Wide Web . The first web server went live in 1990. The protocol used had only one method, namely GET, which would request a page from a server. The response from the server was always an HTML page. In 1991,
300-471: A client failing to properly encode the request-target. Since 2016 many product managers and developers of user agents (browsers, etc.) and web servers have begun planning to gradually deprecate and dismiss support for HTTP/0.9 protocol, mainly for the following reasons: In 2020, the first drafts HTTP/3 were published and major web browsers and web servers started to adopt it. On 6 June 2022, IETF standardized HTTP/3 as RFC 9114 . In June 2022,
350-722: A communications network. An application layer abstraction is specified in both the Internet Protocol Suite (TCP/IP) and the OSI model . Although both models use the same term for their respective highest-level layer, the detailed definitions and purposes are different. In the Internet protocol suite, the application layer contains the communications protocols and interface methods used in process-to-process communications across an Internet Protocol (IP) computer network. The application layer only standardizes communication and depends upon
400-445: A computer hosting one or more websites may be the server . The client submits an HTTP request message to the server. The server, which provides resources such as HTML files and other content or performs other functions on behalf of the client, returns a response message to the client. The response contains completion status information about the request and may also contain requested content in its message body. A web browser
450-421: A far future version of HTTP called HTTP-NG (HTTP Next Generation) that would have solved all remaining problems, of previous versions, related to performances, low latency responses, etc. but this work started only a few years later and it was never completed. In May 1996, RFC 1945 was published as a final HTTP/1.0 revision of what had been used in previous 4 years as a pre-standard HTTP/1.0-draft which
500-528: A globally routable address, by relaying messages with external servers. To allow intermediate HTTP nodes (proxy servers, web caches, etc.) to accomplish their functions, some of the HTTP headers (found in HTTP requests/responses) are managed hop-by-hop whereas other HTTP headers are managed end-to-end (managed only by the source client and by the target web server). HTTP is an application layer protocol designed within
550-428: A host on an IEEE 802 ( Ethernet ) network cannot obtain a network address via DHCP, an address from 169.254.1.0 to 169.254.254.255 may be assigned pseudorandomly . The standard prescribes that address collisions must be handled gracefully. In IPv6 , the block fe80:: / 10 is reserved for IP address autoconfiguration. The implementation of these link-local addresses is mandatory, as various functions of
SECTION 10
#1732845424616600-416: A more efficient expression of HTTP's semantics "on the wire". As of August 2024, it is supported by 66.2% of websites (35.3% HTTP/2 + 30.9% HTTP/3 with backwards compatibility) and supported by almost all web browsers (over 98% of users). It is also supported by major web servers over Transport Layer Security (TLS) using an Application-Layer Protocol Negotiation (ALPN) extension where TLS 1.2 or newer
650-486: A private IP address cannot be routed through the public Internet. Private addresses are often seen as enhancing network security for the internal network since use of private addresses internally makes it difficult for an external host to initiate a connection to an internal system. The Internet Engineering Task Force (IETF) has directed the Internet Assigned Numbers Authority (IANA) to reserve
700-536: A server establishing a connection (real or virtual). An HTTP(S) server listening on that port accepts the connection and then waits for a client's request message. The client sends its HTTP request message. Upon receiving the request the server sends back an HTTP response message, which includes header(s) plus a body if it is required. The body of this response message is typically the requested resource, although an error message or other information may also be returned. At any time (for many reasons) client or server can close
750-460: A single operator's points of presence in a large metropolitan area such as Tokyo . The concept of private networks has been extended in the next generation of the Internet Protocol , IPv6 , and special address blocks are reserved. The address block fc00:: / 7 is reserved by IANA for unique local addresses (ULAs). They are unicast addresses, but contain a 40-bit random number in
800-506: A spoofed source address. Less commonly, ISP edge routers drop such egress traffic from customers, which reduces the impact to the Internet of such misconfigured or malicious hosts on the customer's network. Since the private IPv4 address space is relatively small, many private IPv4 networks unavoidably use the same address ranges. This can create a problem when merging such networks, as some addresses may be duplicated for multiple devices. In this case, networks or hosts must be renumbered, often
850-421: A time-consuming task or a network address translator must be placed between the networks to translate or masquerade one of the address ranges. IPv6 defines unique local addresses , providing a very large private address space from which each organization can randomly or pseudo-randomly allocate a 40-bit prefix, each of which allows 65536 organizational subnets. With space for about one trillion (10 ) prefixes, it
900-540: Is a revision of previous HTTP/2 in order to use QUIC + UDP transport protocols instead of TCP. Before that version, TCP/IP connections were used; but now, only the IP layer is used (which UDP, like TCP, builds on). This slightly improves the average speed of communications and to avoid the occasional (very rare) problem of TCP connection congestion that can temporarily block or slow down the data flow of all its streams (another form of " head of line blocking "). The term hypertext
950-464: Is also enabled in Firefox . HTTP/3 has lower latency for real-world web pages, if enabled on the server, and loads faster than with HTTP/2, in some cases over three times faster than HTTP/1.1 (which is still commonly only enabled). HTTP functions as a request–response protocol in the client–server model . A web browser , for example, may be the client whereas a process , named web server , running on
1000-723: Is an example of a user agent (UA). Other types of user agent include the indexing software used by search providers ( web crawlers ), voice browsers , mobile apps , and other software that accesses, consumes, or displays web content. HTTP is designed to permit intermediate network elements to improve or enable communications between clients and servers. High-traffic websites often benefit from web cache servers that deliver content on behalf of upstream servers to improve response time. Web browsers cache previously accessed web resources and reuse them, whenever possible, to reduce network traffic. HTTP proxy servers at private network boundaries can facilitate communication for clients without
1050-556: Is realized by the use of the functionality of a number of application service elements. Some application service elements invoke different procedures based on the version of the session service available. The common application service element sublayer provides services for the application layer and request services from the session layer. It provides support for common application services, such as: The specific application service element sublayer provides application-specific services (protocols), such as: The IETF definition document for
SECTION 20
#17328454246161100-452: Is required. HTTP/3 , the successor to HTTP/2, was published in 2022. As of February 2024, it is now used on 30.9% of websites and is supported by most web browsers, i.e. (at least partially) supported by 97% of users. HTTP/3 uses QUIC instead of TCP for the underlying transport protocol. Like HTTP/2, it does not obsolete previous major versions of the protocol. Support for HTTP/3 was added to Cloudflare and Google Chrome first, and
1150-409: The fec0:: / 10 block, but because of scalability concerns and poor definition of what constitutes a site , its use has been deprecated since September 2004. Another type of private networking uses the link-local address range. The validity of link-local addresses is limited to a single link; e.g. to all computers connected to a switch , or to one wireless network . Hosts on different sides of
1200-655: The IPv4 and the IPv6 specifications define private IP address ranges. Most Internet service providers (ISPs) allocate only a single publicly routable IPv4 address to each residential customer, but many homes have more than one computer , smartphone , or other Internet-connected device. In this situation, a network address translator (NAT/PAT) gateway is usually used to provide Internet connectivity to multiple hosts. Private addresses are also commonly used in corporate networks which, for security reasons, are not connected directly to
1250-461: The Internet . Often a proxy , SOCKS gateway, or similar devices are used to provide restricted Internet access to network-internal users. Private network addresses are not allocated to any specific organization. Anyone may use these addresses without approval from regional or local Internet registries . Private IP address spaces were originally defined to assist in delaying IPv4 address exhaustion . IP packets originating from or addressed to
1300-595: The Internet Engineering Task Force (IETF) and the World Wide Web Consortium (W3C), with work later moving to the IETF. HTTP/1 was finalized and fully documented (as version 1.0) in 1996. It evolved (as version 1.1) in 1997 and then its specifications were updated in 1999, 2014, and 2022. Its secure variant named HTTPS is used by more than 85% of websites. HTTP/2 , published in 2015, provides
1350-403: The OSI model , the definition of the application layer is narrower in scope. The OSI model defines the application layer as only the interface responsible for communicating with host-based and user-facing applications. OSI then explicitly distinguishes the functionality of two additional layers, the session layer and presentation layer , as separate levels below the application layer and above
1400-718: The HTTP Working Group released an updated six-part HTTP/1.1 specification obsoleting RFC 2616 : In RFC 7230 Appendix-A, HTTP/0.9 was deprecated for servers supporting HTTP/1.1 version (and higher): Since HTTP/0.9 did not support header fields in a request, there is no mechanism for it to support name-based virtual hosts (selection of resource by inspection of the Host header field). Any server that implements name-based virtual hosts ought to disable support for HTTP/0.9 . Most requests that appear to be HTTP/0.9 are, in fact, badly constructed HTTP/1.x requests caused by
1450-497: The IPv6 protocol depend on them. A special case of private link-local addresses is the loopback interface . These addresses are private and link-local by definition since packets never leave the host device. IPv4 reserves the entire class A address block 127.0.0.0 / 8 for use as private loopback addresses. IPv6 reserves the single address ::1 . It is common for packets originating in private address spaces to be misrouted onto
1500-605: The Internet. Private networks often do not properly configure DNS services for addresses used internally and attempt reverse DNS lookups for these addresses, causing extra traffic to the Internet root nameservers . The AS112 project attempted to mitigate this load by providing special black hole anycast nameservers for private address ranges which only return negative result codes ( not found ) for these queries. Organizational edge routers are usually configured to drop ingress IP traffic for these networks, which can occur either by misconfiguration or from malicious traffic using
1550-598: The application layer in the Internet Protocol Suite is RFC 1123. It provided an initial set of protocols that covered the major aspects of the functionality of the early Internet : Additional notable application-layer protocols include the following: Private network In Internet networking , a private network is a computer network that uses a private address space of IP addresses . These addresses are commonly used for local area networks (LANs) in residential, office, and enterprise environments. Both
HTTP - Misplaced Pages Continue
1600-441: The connection is unencrypted or port 443 if the connection is encrypted, see also List of TCP and UDP port numbers ). In HTTP/2, a TCP/IP connection plus multiple protocol channels are used. In HTTP/3, the application transport protocol QUIC over UDP is used. Data is exchanged through a sequence of request–response messages which are exchanged by a session layer transport connection. An HTTP client initially tries to connect to
1650-516: The connection. Closing a connection is usually advertised in advance by using one or more HTTP headers in the last request/response message sent to server or client. In HTTP/0.9 , the TCP/IP connection is always closed after server response has been sent, so it is never persistent. Application layer An application layer is an abstraction layer that specifies the shared communication protocols and interface methods used by hosts in
1700-415: The establishment of TCP connections presents considerable overhead, especially under high traffic conditions. HTTP/2 is a revision of previous HTTP/1.1 in order to maintain the same client–server model and the same protocol methods but with these differences in order: HTTP/2 communications therefore experience much less latency and, in most cases, even higher speeds than HTTP/1.1 communications. HTTP/3
1750-442: The first documented official version of HTTP was written as a plain document, less than 700 words long, and this version was named HTTP/0.9, which supported only GET method, allowing clients to only retrieve HTML documents from the server, but not supporting any other file formats or information upload. Since 1992, a new document was written to specify the evolution of the basic protocol towards its next full version. It supported both
1800-481: The following IPv4 address ranges for private networks: In practice, it is common to subdivide these ranges into smaller subnets . In April 2012, IANA allocated the 100.64.0.0 / 10 block of IPv4 addresses specifically for use in carrier-grade NAT scenarios. This address block should not be used on private networks or on the public Internet. The size of the address block was selected to be large enough to uniquely number all customer access devices for all of
1850-726: The framework of the Internet protocol suite . Its definition presumes an underlying and reliable transport layer protocol. In HTTP/3 , the Transmission Control Protocol (TCP) is no longer used, but the older versions are still more used and they most commonly use TCP. They have also been adapted to use unreliable protocols such as the User Datagram Protocol (UDP), which HTTP/3 also (indirectly) always builds on, for example in HTTPU and Simple Service Discovery Protocol (SSDP). HTTP resources are identified and located on
1900-499: The group stopped its activity passing the technical problems to IETF. In 2007, the IETF HTTP Working Group (HTTP WG bis or HTTPbis) was restarted firstly to revise and clarify previous HTTP/1.1 specifications and secondly to write and refine future HTTP/2 specifications (named httpbis). In 2009, Google , a private company, announced that it had developed and tested a new HTTP binary protocol named SPDY . The implicit aim
1950-455: The need to start to focus on a new HTTP/2 protocol (while finishing the revision of HTTP/1.1 specifications), maybe taking in consideration ideas and work done for SPDY. After a few months about what to do to develop a new version of HTTP, it was decided to derive it from SPDY. In May 2015, HTTP/2 was published as RFC 7540 and quickly adopted by all web browsers already supporting SPDY and more slowly by web servers. In June 2014,
2000-745: The network by Uniform Resource Locators (URLs), using the Uniform Resource Identifiers (URIs) schemes http and https . As defined in RFC 3986 , URIs are encoded as hyperlinks in HTML documents, so as to form interlinked hypertext documents. In HTTP/1.0 a separate TCP connection to the same server is made for every resource request. In HTTP/1.1 instead a TCP connection can be reused to make multiple resource requests (i.e. of HTML pages, frames, images, scripts , stylesheets , etc.). HTTP/1.1 communications therefore experience less latency as
2050-446: The new versions of browsers and servers was rapid. In March 1996, one web hosting company reported that over 40% of browsers in use on the Internet used the new HTTP/1.1 header "Host" to enable virtual hosting , and that by June 1996, 65% of all browsers accessing their servers were pre-standard HTTP/1.1 compliant. In January 1997, RFC 2068 was officially released as HTTP/1.1 specifications. In June 1999, RFC 2616
HTTP - Misplaced Pages Continue
2100-412: The routing prefix to prevent collisions when two private networks are interconnected. Despite being inherently local in usage, the IPv6 address scope of unique local addresses is global. The first block defined is fd00:: / 8 , designed for / 48 routing blocks, in which users can create multiple subnets, as needed. Examples: A former standard proposed the use of site-local addresses in
2150-416: The simple request method of the 0.9 version and the full GET request that included the client HTTP version. This was the first of the many unofficial HTTP/1.0 drafts that preceded the final work on HTTP/1.0. After having decided that new features of HTTP protocol were required and that they had to be fully documented as official RFCs , in early 1995 the HTTP Working Group (HTTP WG, led by Dave Raggett )
2200-552: The transport layer. OSI specifies a strict modular separation of functionality at these layers and provides protocol implementations for each. In contrast, the Internet Protocol Suite compiles these functions into a single layer. Originally the OSI model consisted of two kinds of application layer services with their related protocols. These two sublayers are the common application service element (CASE) and specific application service element (SASE). Generally, an application layer protocol
2250-495: The underlying transport layer protocols to establish host-to-host data transfer channels and manage the data exchange in a client–server or peer-to-peer networking model. Though the TCP/IP application layer does not describe specific rules or data formats that applications must consider when communicating, the original specification (in RFC 1123 ) does rely on and recommend the robustness principle for application design. In
2300-498: Was already used by many web browsers and web servers. In early 1996 developers started to even include unofficial extensions of the HTTP/1.0 protocol (i.e. keep-alive connections, etc.) into their products by using drafts of the upcoming HTTP/1.1 specifications. Since early 1996, major web browsers and web server developers also started to implement new features specified by pre-standard HTTP/1.1 drafts specifications. End-user adoption of
2350-459: Was coined by Ted Nelson in 1965 in the Xanadu Project , which was in turn inspired by Vannevar Bush 's 1930s vision of the microfilm-based information retrieval and management " memex " system described in his 1945 essay " As We May Think ". Tim Berners-Lee and his team at CERN are credited with inventing the original HTTP, along with HTML and the associated technology for a web server and
2400-479: Was constituted with the aim to standardize and expand the protocol with extended operations, extended negotiation, richer meta-information, tied with a security protocol which became more efficient by adding additional methods and header fields . The HTTP WG planned to revise and publish new versions of the protocol as HTTP/1.0 and HTTP/1.1 within 1995, but, because of the many revisions, that timeline lasted much more than one year. The HTTP WG planned also to specify
2450-433: Was released to include all improvements and updates based on previous (obsolete) HTTP/1.1 specifications. Resuming the old 1995 plan of previous HTTP Working Group, in 1997 an HTTP-NG Working Group was formed to develop a new HTTP protocol named HTTP-NG (HTTP New Generation). A few proposals / drafts were produced for the new protocol to use multiplexing of HTTP transactions inside a single TCP/IP connection, but in 1999,
2500-462: Was to greatly speed up web traffic (specially between future web browsers and its servers). SPDY was indeed much faster than HTTP/1.1 in many tests and so it was quickly adopted by Chromium and then by other major web browsers. Some of the ideas about multiplexing HTTP streams over a single TCP/IP connection were taken from various sources, including the work of W3C HTTP-NG Working Group. In January–March 2012, HTTP Working Group (HTTPbis) announced
#615384