Evolution of HTTP - HTTP | MDN (2023)

HTTP (HyperText Transfer Protocol) is the underlying protocol of the World Wide Web. Developed by Tim Berners-Lee and his team between 1989-1991, HTTP has gone through many changes that have helped maintain its simplicity while shaping its flexibility. Keep reading to learn how HTTP evolved from a protocol designed to exchange files in a semitrusted laboratory environment into a modern internet maze that carries images and videos in high resolution and 3D.

Invention of the World Wide Web

In 1989, while working at CERN, Tim Berners-Lee wrote a proposal to build a hypertext system over the internet. Initially called the Mesh, it was later renamed the World Wide Web during its implementation in 1990. Built over the existing TCP and IP protocols, it consisted of 4 building blocks:

  • A textual format to represent hypertext documents, the HyperText Markup Language (HTML).
  • A simple protocol to exchange these documents, the HyperText Transfer Protocol (HTTP).
  • A client to display (and edit) these documents, the first web browser called the WorldWideWeb.
  • A server to give access to the document, an early version of httpd.

These four building blocks were completed by the end of 1990, and the first servers were running outside of CERN by early 1991. On August 6, 1991, Tim Berners-Lee posted on the public alt.hypertext newsgroup. This is now considered to be the official start of the World Wide Web as a public project.

The HTTP protocol used in those early phases was very simple. It was later dubbed HTTP/0.9 and is sometimes called the one-line protocol.

HTTP/0.9 – The one-line protocol

The initial version of HTTP had no version number; it was later called 0.9 to differentiate it from later versions. HTTP/0.9 was extremely simple: requests consisted of a single line and started with the only possible method GET followed by the path to the resource. The full URL wasn't included as the protocol, server, and port weren't necessary once connected to the server.

GET /mypage.html

The response was extremely simple, too: it only consisted of the file itself.

(Video) HTTP Crash Course & Exploration

<html> A very simple HTML page</html>

Unlike subsequent evolutions, there were no HTTP headers. This meant that only HTML files could be transmitted. There were no status or error codes. If there was a problem, a specific HTML file was generated and included a description of the problem for human consumption.

HTTP/1.0 – Building extensibility

HTTP/0.9 was very limited, but browsers and servers quickly made it more versatile:

  • Versioning information was sent within each request (HTTP/1.0 was appended to the GET line).
  • A status code line was also sent at the beginning of a response. This allowed the browser itself to recognize the success or failure of a request and adapt its behavior accordingly. For example, updating or using its local cache in a specific way.
  • The concept of HTTP headers was introduced for both requests and responses. Metadata could be transmitted and the protocol became extremely flexible and extensible.
  • Documents other than plain HTML files could be transmitted thanks to the Content-Type header.

At this point in time, a typical request and response looked like this:

GET /mypage.html HTTP/1.0User-Agent: NCSA_Mosaic/2.0 (Windows 3.1)200 OKDate: Tue, 15 Nov 1994 08:12:31 GMTServer: CERN/3.0 libwww/2.17Content-Type: text/html<HTML>A page with an image <IMG SRC="/myimage.gif"></HTML>

It was followed by a second connection and a request to fetch the image (with the corresponding response):

GET /myimage.gif HTTP/1.0User-Agent: NCSA_Mosaic/2.0 (Windows 3.1)200 OKDate: Tue, 15 Nov 1994 08:12:32 GMTServer: CERN/3.0 libwww/2.17Content-Type: text/gif(image content)

Between 1991-1995, these were introduced with a try-and-see approach. A server and a browser would add a feature and see if it got traction. Interoperability problems were common. In an effort to solve these issues, an informational document that described the common practices was published in November 1996. This was known as RFC 1945 and defined HTTP/1.0.

(Video) The Http and the Web | Http Explained | Request-Response Cycle

HTTP/1.1 – The standardized protocol

In the meantime, proper standardization was in progress. This happened in parallel to the diverse implementations of HTTP/1.0. The first standardized version of HTTP, HTTP/1.1, was published in early 1997, only a few months after HTTP/1.0.

HTTP/1.1 clarified ambiguities and introduced numerous improvements:

  • A connection could be reused, which saved time. It no longer needed to be opened multiple times to display the resources embedded in the single original document.
  • Pipelining was added. This allowed a second request to be sent before the answer to the first one was fully transmitted. This lowered the latency of the communication.
  • Chunked responses were also supported.
  • Additional cache control mechanisms were introduced.
  • Content negotiation, including language, encoding, and type, was introduced. A client and a server could now agree on which content to exchange.
  • Thanks to the Host header, the ability to host different domains from the same IP address allowed server collocation.

A typical flow of requests, all through one single connection, looked like this:

GET /en-US/docs/Glossary/Simple_header HTTP/1.1Host: developer.mozilla.orgUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:50.0) Gecko/20100101 Firefox/50.0Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brReferer: https://developer.mozilla.org/en-US/docs/Glossary/Simple_header200 OKConnection: Keep-AliveContent-Encoding: gzipContent-Type: text/html; charset=utf-8Date: Wed, 20 Jul 2016 10:55:30 GMTEtag: "547fa7e369ef56031dd3bff2ace9fc0832eb251a"Keep-Alive: timeout=5, max=1000Last-Modified: Tue, 19 Jul 2016 00:59:33 GMTServer: ApacheTransfer-Encoding: chunkedVary: Cookie, Accept-Encoding(content)GET /static/img/header-background.png HTTP/1.1Host: developer.mozilla.orgUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:50.0) Gecko/20100101 Firefox/50.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brReferer: https://developer.mozilla.org/en-US/docs/Glossary/Simple_header200 OKAge: 9578461Cache-Control: public, max-age=315360000Connection: keep-aliveContent-Length: 3077Content-Type: image/pngDate: Thu, 31 Mar 2016 13:34:46 GMTLast-Modified: Wed, 21 Oct 2015 18:27:50 GMTServer: Apache(image content of 3077 bytes)

HTTP/1.1 was first published as RFC 2068 in January 1997.

More than 15 years of extensions

The extensibility of HTTP made it easy to create new headers and methods. Even though the HTTP/1.1 protocol was refined over two revisions, RFC 2616 published in June 1999 and RFC 7230-RFC 7235 published in June 2014 before the release of HTTP/2, it was extremely stable for more than 15 years.

Using HTTP for secure transmissions

The largest change to HTTP was made at the end of 1994. Instead of sending HTTP over a basic TCP/IP stack, the computer-services company Netscape Communications created an additional encrypted transmission layer on top of it: SSL. SSL 1.0 was never released to the public, but SSL 2.0 and its successor SSL 3.0 allowed for the creation of ecommerce websites. To do this, they encrypted and guaranteed the authenticity of the messages exchanged between the server and client. SSL was eventually standardized and became TLS.

(Video) I Left My HVAC Heart in Florida with Trixie and Katya | The Bald and the Beautiful Podcast

During the same time period, it became clear that an encrypted transport layer was needed. The web was no longer a mostly academic network, and instead became a jungle where advertisers, random individuals, and criminals competed for as much private data as possible. As the applications built over HTTP became more powerful and required access to private information like address books, email, and user location, TLS became necessary outside of the ecommerce use case.

Using HTTP for complex applications

Tim Berners-Lee didn't originally envision HTTP as a read-only medium. He wanted to create a web where people could add and move documents remotely—a kind of distributed file system. Around 1996, HTTP was extended to allow authoring, and a standard called WebDAV was created. It grew to include specific applications like CardDAV for handling address book entries and CalDAV for dealing with calendars. But all these *DAV extensions had a flaw: they were only usable when implemented by the servers.

In 2000, a new pattern for using HTTP was designed: representational state transfer (or REST). The API wasn't based on the new HTTP methods, but instead relied on access to specific URIs with basic HTTP/1.1 methods. This allowed any web application to let an API retrieve and modify its data without having to update the browsers or the servers. All necessary information was embedded in the files that the websites served through standard HTTP/1.1. The drawback of the REST model was that each website defined its own nonstandard RESTful API and had total control of it. This differed from the *DAV extensions where clients and servers were interoperable. RESTful APIs became very common in the 2010s.

Since 2005, more APIs have become available to web pages. Several of these APIs create extensions to the HTTP protocol for specific purposes:

  • Server-sent events, where the server can push occasional messages to the browser.
  • WebSocket, a new protocol that can be set up by upgrading an existing HTTP connection.

Relaxing the security-model of the web

HTTP is independent of the web security model, known as the same-origin policy. In fact, the current web security model was developed after the creation of HTTP! Over the years, it proved useful to lift some of the restrictions of this policy under certain constraints. The server transmitted how much and when to lift such restrictions to the client using a new set of HTTP headers. These were defined in specifications like Cross-Origin Resource Sharing (CORS) and the Content Security Policy (CSP).

In addition to these large extensions, many other headers were added, sometimes only experimentally. Notable headers are the Do Not Track (DNT) header to control privacy, X-Frame-Options, and Upgrade-Insecure-Requests but many more exist.

HTTP/2 – A protocol for greater performance

Over the years, web pages became more complex. Some of them were even applications in their own right. More visual media was displayed and the volume and size of scripts adding interactivity also increased. Much more data was transmitted over significantly more HTTP requests and this created more complexity and overhead for HTTP/1.1 connections. To account for this, Google implemented an experimental protocol SPDY in the early 2010s. This alternative way of exchanging data between client and server amassed interest from developers working on both browsers and servers. SPDY defined an increase in responsiveness and solved the problem of duplicate data transmission, serving as the foundation for the HTTP/2 protocol.

The HTTP/2 protocol differs from HTTP/1.1 in a few ways:

  • It's a binary protocol rather than a text protocol. It can't be read and created manually. Despite this hurdle, it allows for the implementation of improved optimization techniques.
  • It's a multiplexed protocol. Parallel requests can be made over the same connection, removing the constraints of the HTTP/1.x protocol.
  • It compresses headers. As these are often similar among a set of requests, this removes the duplication and overhead of data transmitted.
  • It allows a server to populate data in a client cache through a mechanism called the server push.

Officially standardized in May 2015, HTTP/2 was incredibly successful. By May 2022, 46.4% of all websites used it (see these stats). High-traffic websites showed the most rapid adoption in an effort to save on data transfer overhead and subsequent budgets.

This rapid adoption was likely because HTTP/2 didn't require changes to websites and applications. To use it, only an up-to-date server that communicated with a recent browser was necessary. Only a limited set of groups was needed to trigger adoption, and as legacy browser and server versions were renewed, usage was naturally increased, without significant work for web developers.

(Video) The history API is dead. Long live the navigation API | HTTP 203

Post-HTTP/2 evolution

HTTP hasn't stopped evolving since the release of HTTP/2. Like with HTTP/1.x, HTTP's extensibility is still being used to add new features. Notably, we can cite new extensions of the HTTP protocol that appeared in 2016:

  • Support for Alt-Svc allowed the dissociation of the identification and the location of a given resource. This meant a smarter CDN caching mechanism.
  • The introduction of Client-Hints allowed the browser or client to proactively communicate information about its requirements and hardware constraints to the server.
  • The introduction of security-related prefixes in the Cookie header helped guarantee that secure cookies couldn't be altered.

This evolution of HTTP has lead to the creation of many applications and has driven the adoption of the protocol. The environment in which HTTP is used today is quite different from that of the early 1990s. HTTP's original design proved to be scalable, allowing the web to evolve over a quarter of a century. By fixing flaws and retaining the flexibility and extensibility that made HTTP such a success, the adoption of HTTP/2 points to a bright future for the protocol.

HTTP/3 - HTTP over QUIC

Experimental: This is an experimental technology
Check the Browser compatibility table carefully before using this in production.

(Video) Know about HTTP URL

The next major version of HTTP, HTTP/3, will use QUIC instead TCP/TLS for the transport layer portion.

See bug1158011 for implementation status in Firefox.

FAQs

What is the history of HTTP? ›

Development of HTTP was initiated by Tim Berners-Lee at CERN in 1989 and summarized in a simple document describing the behavior of a client and a server using the first HTTP protocol version that was named 0.9.

What are the versions of HTTP? ›

HTTP has four versions — HTTP/0.9, HTTP/1.0, HTTP/1.1, and HTTP/2.0. Today the version in common use is HTTP/1.1 and the future will be HTTP/2.0.

What are the 4 parts of HTTP? ›

Anatomy of an HTTP request
  • A request line.
  • A set of header fields.
  • A body, which is optional.
3 Jan 2019

Which is the first version of HTTP? ›

The versions of the HTTP protocol (or "HTTP versions") commonly used on the Internet are HTTP/1.0, which is an earlier protocol including fewer functions, and HTTP/1.1, which is a later protocol including more functions.

What are the 5 HTTP methods? ›

The primary or most-commonly-used HTTP verbs (or methods, as they are properly called) are POST, GET, PUT, PATCH, and DELETE. These correspond to create, read, update, and delete (or CRUD) operations, respectively.

Who invented the HTTP? ›

HTTP (HyperText Transfer Protocol) is the underlying protocol of the World Wide Web. Developed by Tim Berners-Lee and his team between 1989-1991, HTTP has gone through many changes that have helped maintain its simplicity while shaping its flexibility.

How many types of HTTP are there? ›

The two most common HTTP methods are: GET and POST.

What is the difference between HTTP and HTTP? ›

HTTPS is HTTP with encryption. The difference between the two protocols is that HTTPS uses TLS (SSL) to encrypt normal HTTP requests and responses. As a result, HTTPS is far more secure than HTTP.

What are the 8 methods of HTTP? ›

Performs a message loop-back test along the path to the target resource.
  • GET Method. A GET request retrieves data from a web server by specifying parameters in the URL portion of the request. ...
  • HEAD Method. ...
  • POST Method. ...
  • PUT Method. ...
  • DELETE Method. ...
  • CONNECT Method. ...
  • OPTIONS Method. ...
  • TRACE Method.

What is the principle of HTTP? ›

How does HTTP work? As a request-response protocol, HTTP gives users a way to interact with web resources such as HTML files by transmitting hypertext messages between clients and servers. HTTP clients generally use Transmission Control Protocol (TCP) connections to communicate with servers.

What are the 2 phases of HTTP? ›

HTTP is based on a request/response model, so there are two types of HTTP messages: the request and the response. The browser opens a connection to a server and makes a request. The server processes the client's request and returns a response.

What are the basics of HTTP? ›

HyperText Transfer Protocol (HTTP)

An HTTP client sends a request message to an HTTP server. The server, in turn, returns a response message. In other words, HTTP is a pull protocol, the client pulls information from the server (instead of server pushes information down to the client). HTTP is a stateless protocol.

What is the difference between HTTP versions? ›

Difference between HTTP/2 and HTTP/1.1
HTTP/1.1HTTP/2
Ithe usest works on the textual format.It works on the binary protocol.
There is head of line blocking that blocks all the requests behind it until it doesn't get its all resources.It allows multiplexing so one TCP connection is required for multiple requests.
2 more rows
2 Feb 2022

What's the difference between HTTP v1 & HTTP v2? ›

HTTP1 is not a debate at all. HTTP2 is much faster and more reliable than HTTP1. HTTP1 loads a single request for every TCP connection, while HTTP2 avoids network delay by using multiplexing. HTTP is a network delay sensitive protocol in the sense that if there is less network delay, then the page loads faster.

What is HTTP and its phases? ›

HTTP Request / Response

A client (a browser) sends an HTTP request to the web. A web server receives the request. The server runs an application to process the request. The server returns an HTTP response (output) to the browser. The client (the browser) receives the response.

What are the major parts of HTTP? ›

HTTP Response broadly has 3 main components: Status Line. Headers. Body (Optional)

What is HTTP example? ›

HTTP is a client-server protocol: requests are sent by one entity, the user-agent (or a proxy on behalf of it). Most of the time the user-agent is a Web browser, but it can be anything, for example, a robot that crawls the Web to populate and maintain a search engine index.

What is HTTP method type? ›

The primary or most commonly-used HTTP methods are POST, GET, PUT, PATCH, and DELETE. These methods correspond to create, read, update, and delete (or CRUD) operations, respectively. There are a number of other methods, too, but they are utilized less frequently.

What was used before HTTP? ›

The pre-Web Internet was an almost entirely text-based world. There were ASCII-based end-user programs such as gopher, which let you use a menu to search through organized collections of files.

Why is HTTP called so? ›

HTTP stands for Hypertext Transfer Protocol, and it is a protocol – or a prescribed order and syntax for presenting information – used for transferring data over a network. Most information that is sent over the Internet, including website content and API calls, uses the HTTP protocol.

When was HTTP defined? ›

HTTP was originally proposed in 1989 by Tim Berners-Lee, who was a coauthor of the 1.0 specification. HTTP/1.0 (released in 1996) was “stateless”: each new request from a client established a new connection instead of handling all similar requests through the same connection between a specific client and server.

What layer is HTTP? ›

HTTP is an application layer protocol designed to transfer information between networked devices and runs on top of other layers of the network protocol stack. A typical flow over HTTP involves a client machine making a request to a server, which then sends a response message.

Why HTTP methods are used? ›

HTTP defines a set of request methods to indicate the desired action to be performed for a given resource. Although they can also be nouns, these request methods are sometimes referred to as HTTP verbs.

Which is faster HTTP or HTTPS? ›

Speed and Performance

Another benefit of using HTTPS compared to HTTP is that websites will load relatively faster with it, especially if used with a server that supports HTTP/2. HTTP/2 supports HTTPS encryption and complements its security protocols.

Is HTTP a standard or protocol? ›

Hypertext Transfer Protocol -- HTTP/1.1

This document specifies an Internet standards track protocol for the Internet community, and requests discussion and suggestions for improvements.

Is HTTP a port or protocol? ›

Port 80. HTTP is the protocol that enables the World Wide Web. Port 123.

What are the 3 parts in HTTP request line? ›

An HTTP request is made out of three components: request line, headers and message body.

What is HTTP and its commands? ›

HTTP, or HyperText Transfer Protocol, defines how to interpret data sent/received over a socket between two devices. HTTP (HTTPS is the encrypted secure version), is the protocol that is used on every single website in existence and is incredibly simple.

What is life cycle of HTTP request? ›

When the response is sent, in HTTP version 1.0 the connection is closed. HTTP 1.1 can have persistent connections though. When the browser gets the response, it typically renders it on screen. The HTTP request is now done. A click on "search" will send a new request to the server.

What are the three parts of an HTTP response? ›

Each message contains either a request from a client or a response from a server. They consist of three parts: a start line describing the message, a block of headers containing attributes, and an optional body containing data.

What are the 3 parts to a HTTP response message? ›

An HTTP response contains: A status line. A series of HTTP headers, or header fields. A message body, which is usually needed.

What is HTTP and its advantages? ›

HTTP is used to access HTML pages and was used by websites which did not have confidential information like financial details when the security of information was not considered to be a priority. HTTPS or secure hypertext transfer protocol allows authorization which translates to safe and secure transactions.

Why is http 2 not popular? ›

Although it is getting better all the time, software for HTTP/2 just hasn't had enough time to become as mature and solid as existing HTTP/1.1 software. In particular, server support for HTTP prioritization is spotty at best.

Why is HTTP 1.1 still used? ›

Most of the internet runs HTTP 1.1/1.0 and people are comfortable with it. While most web server applications support HTTP 2.0, they still require to be updated and configured to do so.

Is http2 faster than HTTP? ›

HTTP/2 solves several problems that the creators of HTTP/1.1 did not anticipate. In particular, HTTP/2 is much faster and more efficient than HTTP/1.1. One of the ways in which HTTP/2 is faster is in how it prioritizes content during the loading process.

What is the explanation of HTTP? ›

The Hypertext Transfer Protocol (HTTP) is the foundation of the World Wide Web, and is used to load web pages using hypertext links. HTTP is an application layer protocol designed to transfer information between networked devices and runs on top of other layers of the network protocol stack.

What is the history of HTML? ›

The first version of HTML was written by Tim Berners-Lee in 1993. Since then, there have been many different versions of HTML. The most widely used version throughout the 2000's was HTML 4.01, which became an official standard in December 1999. Another version, XHTML, was a rewrite of HTML as an XML language.

What is the main purpose of HTTP? ›

HTTP is a protocol for fetching resources such as HTML documents. It is the foundation of any data exchange on the Web and it is a client-server protocol, which means requests are initiated by the recipient, usually the Web browser.

What is HTTP and type? ›

All requests are sent using an "HTTP method". The method designates the type of request being made to the web server. The most common types of request methods are GET and POST but there are many others, including HEAD, PUT, DELETE, CONNECT, and OPTIONS.

How has HTML changed over time? ›

Summary. HTML has had a life-span of roughly seven years. During that time, it has evolved from a simple language with a small number of tags to a complex system of mark-up, enabling authors to create all-singing-and-dancing Web pages complete with animated images, sound and all manner of gimmicks.

What was the original name of HTML? ›

Hypertext Markup Language was published by the IETF IIIR Working Group as an Internet Draft (a rough proposal for a standard). It was replaced by a second version one month later. HTML+ was published by the IETF as an Internet Draft and was a competing proposal to the Hypertext Markup Language draft.

Why is HTTP the best? ›

HTTP is a “stateless protocol,” which basically means that it doesn't remember or store any information about the previous web session. The benefit is that because it is “stateless” there is less data that needs to be sent, increasing data transfer speeds.

What are the two types of HTTP? ›

The two most common HTTP methods are: GET and POST.

Videos

1. The Internet: HTTP & HTML
(Code.org)
2. Http Methods
(Telusko)
3. What is HTTP?
(F5 DevCentral)
4. Rick Grimes vs Walter White. Epic Rap Battles of History
(ERB)
5. HTTP Headers - The State of the Web
(Google Chrome Developers)
6. Angular Tutorial - 21 - Fetch Data Using HTTP
(Codevolution)
Top Articles
Latest Posts
Article information

Author: Duncan Muller

Last Updated: 01/23/2023

Views: 6287

Rating: 4.9 / 5 (59 voted)

Reviews: 82% of readers found this page helpful

Author information

Name: Duncan Muller

Birthday: 1997-01-13

Address: Apt. 505 914 Phillip Crossroad, O'Konborough, NV 62411

Phone: +8555305800947

Job: Construction Agent

Hobby: Shopping, Table tennis, Snowboarding, Rafting, Motor sports, Homebrewing, Taxidermy

Introduction: My name is Duncan Muller, I am a enchanting, good, gentle, modern, tasty, nice, elegant person who loves writing and wants to share my knowledge and understanding with you.