Overview
We visit lots of websites every day. Have you ever noticed the http or https prefix in the URL of a site you visit? The HTTP protocol is widely used to communicate on the internet. In this blog, we will go through HTTP, HTTPS, and the evolution of the different versions of the HTTP protocol.
HTTP: HyperText Transfer Protocol
This protocol is used to communicate and exchange data between the server and the browser. The browser sends an HTTP request to the server, and the server sends an HTTP response back to the browser.
It is a stateless protocol because once the transaction between the browser and server completes, the connection is lost.
HTTP vs HTTPS
- HTTP works on the Application Layer and HTTPS works on the Transport Layer.
- HTTP uses port 80 and HTTPS uses port 443 by default.
- HTTP: transfers plain text.

The request looks like this to the attacker:

```
GET /index.html HTTP/1.1
Host: projects.com
Accept-Language: en-us
User-Agent: Mozilla/5.0
<blank line>
```

The response looks like this to the attacker:

```
HTTP/1.1 200 OK
Date: Mon, 17 Aug 2020 08:08:42 GMT
Server: Apache/2.4.29 (Ubuntu)
Last-Modified: Tue, 04 Aug 2020 11:55:07 GMT
Accept-Ranges: bytes
Content-Length: 1984
Content-Type: text/html;charset=UTF-8

<html> .. </html>
```

- HTTPS: transfers encrypted data.

The request and response look like this to the attacker:

```
A}cB,gd::eA;`5NPlbujlzBpWTjoD8m_4Wr_aVoqDdcpa7XQHYXnA8T1NgSnSBZ78Vme+DpDVJPvZdZUZHpzbbcqmSW1+3xXGsERHg9YDmpYk0VVDiRvw1H5miNieJeJ/FNUjgH0BmVRWII6+T4MnDwmCMZUI/orxP3HGwYCSIvyzS3MpmmSe4iaWKCOHQ==
```

Before discussing the different HTTP versions, let's enable the Protocol column in the Google Chrome Developer Tools.
- Open the Google Chrome Developer Tools and click on the Network tab.
- Right-click on the Name column and select Protocol.
- Now you can see the Protocol column. It shows which protocol each resource was loaded over: HTTP/1.x, HTTP/2, or HTTP/3.
HTTP/1.x
- HTTP/1.0 established a new connection for every request and response pair.
- HTTP/1.1 keeps a persistent connection open and reuses it for one or more requests and responses.
- Modern browsers support six connections per domain for sending HTTP/1.1 requests, to work around the limitation of using a single TCP connection to send requests.
HTTP/2
- HTTP/2 uses a single TCP connection to send multiple requests for data.
- It is binary and multiplexed.
- It makes your website load faster because it reduces additional round-trip times (RTT).
- It is secure by default.
- HTTP/2 also comes with header compression and server push.
- Server push is inactive by default.
- If the backend uses the H2 protocol but the load balancer uses the H1 protocol, it becomes slower.
- You need to configure server push correctly to avoid abuse of server push.
HTTP/3 – a UDP based protocol
- It has built-in encryption.
- It uses the User Datagram Protocol (UDP) to establish connections between the browser and the server.
- UDP has recently been misused a lot, which is why UDP is not trusted, so HTTP/3 has security challenges.
- HTTP/3 uses the Quick UDP Internet Connections (QUIC) transport protocol over UDP. The QUIC transport protocol offers faster negotiation, stream-based multiplexing, and flow control.
- HTTP/3 is binary over multiplexed QUIC.
- If the server supports HTTP/3, it includes Alt-Svc in the response.
- You can use the Firefox Nightly and Chrome Canary browsers to check experimental HTTP/3 and QUIC.
- Also, one simple way to check HTTP/3: just enter the URL you want to test.
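
The Alt-Svc check mentioned in the list above, as an added example that is not part of the original post: it parses an Alt-Svc header value following the RFC 7838 syntax and reports the endpoints advertised for HTTP/3. The function names and the sample header values are constructed for illustration.

```python
import re

# One alternative service: protocol-id="[host]:port" plus optional ;name=value
# parameters, following the Alt-Svc header syntax of RFC 7838.
_ENTRY = re.compile(r'([^\s=,;"]+)="([^"]*)"((?:\s*;\s*[^;,]+)*)')

def parse_alt_svc(value):
    """Parse an Alt-Svc header value into a list of dicts."""
    if value.strip().lower() == "clear":  # "clear" withdraws all alternatives
        return []
    entries = []
    for proto, authority, raw_params in _ENTRY.findall(value):
        host, sep, port = authority.rpartition(":")
        if not sep or not port.isdecimal():
            continue  # malformed authority: ignore this alternative
        params = {}
        for item in raw_params.split(";"):
            name, eq, val = item.strip().partition("=")
            if eq:
                params[name.strip().lower()] = val.strip().strip('"')
        ma = params.get("ma", "")
        entries.append({
            "protocol": proto,
            "host": host,  # empty string means "same host as the origin"
            "port": int(port),
            "max_age": int(ma) if ma.isdecimal() else 86400,  # default: 24 hours
        })
    return entries

def http3_endpoints(value):
    """Return (host, port) pairs advertised for HTTP/3 ("h3") or a draft ("h3-NN")."""
    return [(e["host"], e["port"]) for e in parse_alt_svc(value)
            if e["protocol"] == "h3" or e["protocol"].startswith("h3-")]

# Constructed sample header values, not captured from a real server.
SAMPLES = {
    "h3 and draft": 'h3=":443"; ma=2592000, h3-29=":443"; ma=2592000',
    "other host": 'h2="alt.example.com:8443", h3="alt.example.com:8443"; ma=60; persist=1',
    "no http/3": 'h2=":443"; ma=3600',
    "cleared": "clear",
}

if __name__ == "__main__":
    for label, header in SAMPLES.items():
        print(label, "->", http3_endpoints(header))
```

An advertised endpoint is a UDP port, so a server that sends this header is only reachable over HTTP/3 if UDP to that port is allowed through the firewalls in between.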
Difference between HTTP/1.1, HTTP/2 & HTTP/3
Data | HTTP/1.1 | HTTP/2 | HTTP/3 |
---|---|---|---|
Release | January 1997 | May 14, 2015 | - |
Connection between browser and server established using | TCP (Transmission Control Protocol) | TCP (Transmission Control Protocol) | UDP (User Datagram Protocol) |
TLS (Transport Layer Security) version used | 1.2+ | 1.2+ | 1.3+ |
Streams | - | HTTP/2 | QUIC |
Header Compression | Gzip or Deflate | HPACK | QPACK |
Server Push | No | Yes | Yes |
0-RTT handshake | No | No | Yes |
Does HTTP/1.1,2,3 have any effect on HTTPS?
- With HTTP/1.1, upgrading to SSL/TLS isn't mandatory.
- An SSL/TLS upgrade is mandatory for the website when HTTP/2 becomes the default web network protocol.
- With HTTP/3, it is mandatory to have SSL certification.
Conclusion
The evolution of HTTP improves performance. As you can see, the major improvements from HTTP/1.x to HTTP/2 include the binary format, multiplexing, and header compression using HPACK. If you need to see the performance of HTTP/1.1 vs HTTP/2, check out this Imagekit.io demo or Google demo that compares them at different latencies. HTTP/3 provides the same powers as HTTP/2, but it also comes with a 0-RTT handshake and faster negotiation through QUIC. HTTP/3 is still experimental right now. Stay tuned with us for the HTTP/3 performance improvement update.