Introduction to HTTP
Aviran Mordo
Head Of Back-End Engineering @ Wix
@aviranm
http://www.linkedin.com/in/aviran
http://www.aviransplace.com
Intro
• The Hyper Text Transfer Protocol (HTTP) is a client-server
network protocol
• In use by the World-Wide Web since 1990.
• It is based on Request – Response Paradigm.
HTTP Request Message
Request line (HTTP method, relative URL of the resource or a full URL, HTTP version):
GET /website/template/photography/ HTTP/1.1
Headers:
Accept: */*
Accept-Language: en-gb
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0)
Host: www.httpwatch.com
Connection: Keep-Alive
HTTP Response
Status line:
HTTP/1.1 200 OK
Headers:
X-Seen-By: sputnik3.aus_dsp
X-Seen-By: s3.aus_pp
Date: Wed, 21 Aug 2013 09:02:49 GMT
Server: Apache
cache-control: max-age=604800
cache-control: no-cache
Pragma: no-cache
Set-Cookie: _wixAB2=5371#5567#2014-03-19T14-27-00.000-0500|15711#3472#2014-08-13T11-01-00.0000500|14841#8565#2014-07-23T09-16-00.000-0500|15551#935#2014-08-11T07-55-00.000-0500|15451#3523#2014-08-07T0755-00.000-0500|14451#3267#2014-07-14T09-23-00.000-0500|15941#4497#2014-08-15T15-39-00.0000500|14951#8608#2014-07-28T07-24-00.000-0500|15861#7296#2014-08-15T10-02-00.000-0500|12891#3395#2014-06-23T0734-00.000-0500|13501#6547#2014-07-01T12-46-00.000-0500|15361#2985#2014-08-05T13-30-00.000-0500; Domain=.wix.com; Expires=Tue, 21-Aug-2018 14:06:39 GMT; Path=/
Set-Cookie: _wixCIDX=7e98f6cd-1c79-4661-9312-6f7aaeebf932; Domain=.wix.com; Expires=Mon, 17-Feb-2014 09:02:49 GMT; Path=/
Set-Cookie: _wixUIDX=10647958|1a2c4034-469d-4f4d-bbd9-17deddaf67ec; Domain=.wix.com; Expires=Mon, 17-Feb-2014 09:02:49 GMT; Path=/
Vary: User-Agent,Accept-Encoding
Content-Language: en
Content-Encoding: gzip
Content-Length: 8162
Content-Type: text/html;charset=UTF-8
Expires: 0
Cache-Control: no-cache
double CRLF (carriage return, line feed)
Contents of the requested resource:
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://ogp.me/ns#" xmlns:fb="https://www.facebook.com/2008/fbml" >
<head>
<meta http-equ
Everything is an extendable convention
• You may create your own headers
• You may create your own methods
• You may choose not to implement some methods
• You may choose not to implement header logic
HTTP Methods
• GET - retrieve whatever information is identified by the Request-URI.
• POST - used to send data to the server for updates.
• PUT - requests that the enclosed entity be stored under the supplied Request-URI.
• DELETE - requests that the origin server delete the resource identified by the Request-URI.
• HEAD - identical to GET except that the server MUST NOT return a message-body in the response.
• TRACE - allows the client to see what is being received at the other end of the request chain and use that data for testing or
HTTP Headers
• Accept: text/plain; - specify certain media types which are acceptable for the response.
• Accept-Encoding: compress, gzip ;
• Accept-Language: da, en-gb;q=0.8, en;q=0.7 ;
• Cache-Control: max-age=0, must-revalidate
• Vary: User-Agent,Accept-Encoding
• ETag: "xyzzy"
• Set-Cookie: _wixAB2=15361#2985#2014-08-05T13-30-00.000-0500

• Access-Control-Allow-Origin: *
• X-Seen-By: sputnik3.aus_dsp
• X-Wix-Dispatcher-Cache-Hit: no
• X-Wix-Renderer-Server: apu2.aus.wixpress.com

• X-Wix-Not-Found-Reason: Meta Site was not found
HTTP Status Codes and Errors
• 1xx – Informational - intermediate response and indicates that the server has received the request but has not finished processing it.
• 2xx – Successful: 200 OK
• 3xx – Redirection: 301-permanent, 302-temporary
• 4xx – Client Error: 400-bad request, 403-forbidden, 404-not found, 418 I'm a teapot
• 5xx – Server Error: 500 Internal Server Error, 503-Service Unavailable, 504-Gateway Timeout
Cookies
Servers supply cookies by populating the Set-Cookie response header with the following details: Set-Cookie: name=value
Name: Name of the cookie
Value: Textual value to be held by the cookie
Expires: Date/time when the cookie should be discarded by the browser. If this field is empty the cookie expires at the end of the current browser session. This field can also be used to delete a cookie by setting a date/time in the past.
Path: Path below which the cookie should be supplied by the browser.
Domain: Web site domain to which this cookie applies. This will default to the current domain and attempts to set cookies on other domains are subject to the privacy controls built into the browser.
Type of cookies - Terminology
• Session cookie - Web browsers normally delete session cookies when the user closes the browser
• Persistent cookie - A persistent cookie will outlast user sessions – expires on a set timestamp
• Secure cookie - A secure cookie has the secure attribute enabled and is only used via HTTPS
• HttpOnly cookie - On a supported browser, used only when transmitting HTTP (or HTTPS) requests. Not accessible to JavaScript.
• Third-party cookie - cookies that belong to domains different from the one shown in the address bar.
• Supercookie - cookie with an origin of a TLD (such as .com)
Browsers send cookies via request header. Cookie: name=value; name2=value2
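The terminology above can be checked mechanically against real Set-Cookie headers. The following is an added example, not part of the original deck: it classifies two cookies taken from the slides and two constructed ones, and the function names and finding codes are hypothetical.

```javascript
// Added example: classify Set-Cookie headers using the deck's terminology.
// Function names and finding codes are this example's own (hypothetical).

// Parse one Set-Cookie header value into { name, value, attrs }.
function parseSetCookie(headerValue) {
  const parts = headerValue.split(";").map((p) => p.trim()).filter(Boolean);
  const first = parts.shift() || "";
  const eq = first.indexOf("=");
  if (eq < 1) return null; // no name=value pair
  const cookie = { name: first.slice(0, eq), value: first.slice(eq + 1), attrs: {} };
  for (const part of parts) {
    const i = part.indexOf("=");
    // Attribute names are case-insensitive; flags such as Secure carry no value.
    const key = (i === -1 ? part : part.slice(0, i)).trim().toLowerCase();
    cookie.attrs[key] = i === -1 ? true : part.slice(i + 1).trim();
  }
  return cookie;
}

// The slides write dates as "17-Feb-2014"; normalise to "17 Feb 2014" so that
// Date.parse sees the standard HTTP date layout.
function parseExpires(text) {
  const t = Date.parse(String(text).replace(/(\d{1,2})-([A-Za-z]{3})-(\d{2,4})/, "$1 $2 $3"));
  return Number.isNaN(t) ? null : new Date(t);
}

function auditSetCookie(headerValue, now = new Date()) {
  const c = parseSetCookie(headerValue);
  if (!c) return { name: null, kind: "invalid", findings: [] };
  const a = c.attrs;

  // Session vs persistent: without a usable Expires/Max-Age the cookie lasts
  // until the browser closes. An expiry in the past deletes the cookie.
  let expiry = null;
  if (a["max-age"] !== undefined && /^-?\d+$/.test(a["max-age"])) {
    expiry = new Date(now.getTime() + Number(a["max-age"]) * 1000);
  } else if (a.expires !== undefined) {
    expiry = parseExpires(a.expires);
  }
  let kind = "session";
  if (expiry) kind = expiry.getTime() <= now.getTime() ? "deletion" : "persistent";

  const findings = [];
  if (kind !== "deletion") {
    if (a.secure !== true) findings.push("no-secure");       // also sent over plain HTTP
    if (a.httponly !== true) findings.push("no-httponly");   // readable from JavaScript
    // An explicit Domain widens the cookie to that domain and all its subdomains.
    if (typeof a.domain === "string") findings.push("domain-wide:" + a.domain.replace(/^\./, ""));
  }
  return { name: c.name, kind, findings };
}

// Two header values from the slides, plus two constructed ones (marked).
const COOKIE_SAMPLES = [
  "_wixCIDX=7e98f6cd-1c79-4661-9312-6f7aaeebf932; Domain=.wix.com; Expires=Mon, 17-Feb-2014 09:02:49 GMT; Path=/",
  "balance=990; path=/httpgallery/redirection/",
  "sid=; Expires=Thu, 01 Jan 1970 00:00:00 GMT; Path=/", // constructed: deletion
  "sid=0123abcd; Path=/; Secure; HttpOnly",               // constructed: hardened session cookie
];
// Date header of the response shown in the slides, used as "now".
const CAPTURE_TIME = new Date("2013-08-21T09:02:49Z");

function auditSamples() {
  return COOKIE_SAMPLES.map((h) => auditSetCookie(h, CAPTURE_TIME));
}

console.log(auditSamples());
```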
HTTP Caching
• Preventing Caching - Cache-Control: no-cache (HTTP 1.1); Pragma: no-cache (HTTP 1.0)
• Last-Modified: Wed, 15 Sep 2004 12:00:00 GMT – Browser can check the server for changes
• Expires: Sun, 17 Jan 2038 19:14:07 GMT - browser can reuse the content without having to check the server

GET /images/logo.gif HTTP/1.1
Accept: */*
Referer: http://www.google.com/
Accept-Encoding: gzip, deflate
If-Modified-Since: Thu, 23 Sep 2004 17:42:04 GMT
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1;)
Host: www.google.com

HTTP/1.1 304 Not Modified
Content-Type: text/html
Server: GWS/2.1
Content-Length: 0
Date: Thu, 04 Oct 2004 12:00:00 GMT
HTTP Methods
• GET - method is used to retrieve information from a specified URI and is assumed by browsers, caches and other HTTP aware components to be a safe, repeatable operation that has no side effects.
• GET can only supply data in the form of parameters encoded in the URI (Query String) or as cookies. Therefore, GET cannot be used for uploading files or other operations that require large amounts of data to be sent to the server.

• POST method is used for operations that have side effects and cannot be safely repeated.
• POST request message has a content body that is normally used to send parameters and data. Unlike using the request URI or cookies, there is no upper limit on the amount of data that can be sent.
POST Request
Method and request line:
POST /httpgallery/methods/default.aspx HTTP/1.1
Headers:
Host: www.httpwatch.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:23.0) Gecko/20100101 Firefox/23.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Referer: http://www.httpwatch.com/httpgallery/methods/
Cookie: __utma=1.1256977602.1377003403.1377082307.1377092487.5; __utmc=1; __utmz=1.1377003403.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=(not%20provided); __utmb=1.4.9.1377092850054
Proxy-Authorization: Basic b21lckB3aXguY29tOmg2M2ZycQ==
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
Content-Length: 19
Cache-Control: no-cache
double CRLF (carriage return, line feed)
Post data / body:
Amount=10&B2=Submit
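The request layout from the "HTTP Request Message" and "POST Request" slides (request line, headers, double CRLF, body) can be parsed and its framing checked as follows. This is an added example, not part of the original deck: `parseRequest` and `framingError` are hypothetical names, the sample request keeps only a few of the slide's headers, and Transfer-Encoding is out of scope.

```javascript
// Added example: parse a raw HTTP/1.1 request the way the slides label it.
// parseRequest / framingError are this example's own names (hypothetical).
// Assumption: bodies are framed by Content-Length only (no Transfer-Encoding).

// Characters allowed in a method or header name. Methods are not limited to
// the well-known ones, which is why custom methods and headers are possible.
const TOKEN = /^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$/;

function parseRequest(raw) {
  // The double CRLF ends the header block; everything after it is the body.
  const end = raw.indexOf("\r\n\r\n");
  if (end === -1) throw new Error("header block not terminated by double CRLF");
  const [requestLine, ...headerLines] = raw.slice(0, end).split("\r\n");

  // Request line: method SP request-target SP HTTP-version
  const parts = requestLine.split(" ");
  if (parts.length !== 3 || !TOKEN.test(parts[0]) || !parts[1] ||
      !/^HTTP\/\d\.\d$/.test(parts[2])) {
    throw new Error("malformed request line");
  }
  const [method, target, version] = parts;

  // Header names are case-insensitive and may repeat, so keep a list per name.
  const headers = new Map();
  for (const line of headerLines) {
    const colon = line.indexOf(":");
    const name = line.slice(0, Math.max(colon, 0));
    // Rejects lines without a colon and names containing whitespace.
    if (!TOKEN.test(name)) throw new Error("malformed header line: " + line);
    const key = name.toLowerCase();
    headers.set(key, [...(headers.get(key) || []), line.slice(colon + 1).trim()]);
  }

  // Framing check: Content-Length counts bytes of the body, and a receiver
  // that disagrees with the sender about where the body ends misreads
  // whatever follows on the connection.
  const body = raw.slice(end + 4);
  const bodyBytes = new TextEncoder().encode(body).length;
  const lengths = new Set(headers.get("content-length") || []);
  if (lengths.size > 1) throw new Error("conflicting Content-Length values");
  if (lengths.size === 1) {
    const [text] = lengths;
    if (!/^\d+$/.test(text)) throw new Error("Content-Length is not a number");
    if (Number(text) !== bodyBytes) {
      throw new Error(`Content-Length ${text} but body is ${bodyBytes} bytes`);
    }
  } else if (bodyBytes > 0) {
    throw new Error("body present without Content-Length");
  }
  return { method, target, version, headers, body };
}

// Returns null when the request parses, otherwise the reason it was rejected.
function framingError(raw) {
  try {
    parseRequest(raw);
    return null;
  } catch (e) {
    return e.message;
  }
}

// The POST from the slide, with most headers left out for brevity.
const POST_FROM_SLIDE = [
  "POST /httpgallery/methods/default.aspx HTTP/1.1",
  "Host: www.httpwatch.com",
  "Content-Type: application/x-www-form-urlencoded",
  "Content-Length: 19",
  "",
  "Amount=10&B2=Submit",
].join("\r\n");

const parsedPost = parseRequest(POST_FROM_SLIDE);
console.log(parsedPost.method, parsedPost.target, JSON.stringify(parsedPost.body));
// Constructed variant: the declared length no longer matches the body.
console.log(framingError(POST_FROM_SLIDE.replace("Content-Length: 19", "Content-Length: 10")));
```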
Redirection
• HTTP allows servers to redirect a client request to a different location. Although, this will usually result in another network round trip
301 Permanent redirect – Content moved permanently at the location specified by the Location header and future requests should be directed to this location.
302 Temporary Redirect - future requests should still be sent to the original location
303 This status code was intended to be the only status code that caused a POST to be converted to a GET. However, most browsers treat a 302 like a 303.
304 Not modified - Used in response to an If-Modified header to redirect a request to the browser's local cache.

HTTP/1.1 302 Found
Cache-Control: private,Public
Content-Length: 162
Content-Type: text/html; charset=utf-8
Location: /httpgallery/redirection/default.aspx#example
Set-Cookie: balance=990; path=/httpgallery/redirection/
HTTPS
• The Secure Sockets Layer (SSL) was designed to encrypt any
TCP/IP based network traffic and provide the following
capabilities
• Prevents eavesdropping
• Prevents tampering or replaying of messages
• Uses certificates to authenticate servers and optionally clients

• The HTTPS protocol is the same text based protocol as HTTP
but is run over an encrypted SSL session.
AJAX - Asynchronous JavaScript And XML
• AJAX is a technology used by interactive web applications to
make HTTP requests to a server without causing page
transitions.
• Requests have to go to the same domain as the page
<script type="text/javascript">
function GetShoppingList()
{
    // Create an instance of the HTTP request object
    var xmlHttp = new XMLHttpRequest();
    // Specify HTTP GET by default and supply the relative url
    xmlHttp.open("GET", "getlist.aspx", false);
    // Start a synchronous AJAX request and wait for the response
    xmlHttp.send(null);
    var targetNode = document.getElementById("divShoppingList");
    // Use the HTML returned from server to create list
    // (innerHTML parses the response as markup, so the response must come from a trusted source)
    targetNode.innerHTML = xmlHttp.responseText;
}
</script>
Cross-origin resource sharing (CORS)
• Allows JavaScript on a web page to make XMLHttpRequests to another domain
• "preflighted" requests first send an HTTP OPTIONS method request to the resource on the other domain, to determine if the request is safe to send.

OPTIONS /resources/post-here/ HTTP/1.1
Host: bar.other
User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; en-US; rv:1.9.1b3pre) Gecko/20081130 Minefield/3.1b3pre
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Connection: keep-alive
Origin: http://foo.example
Access-Control-Request-Method: POST
Access-Control-Request-Headers: X-PINGOTHER

HTTP/1.1 200 OK
Date: Mon, 01 Dec 2008 01:15:39 GMT
Access-Control-Allow-Origin: http://foo.example
Access-Control-Allow-Methods: POST, GET, OPTIONS
Access-Control-Allow-Headers: X-PINGOTHER
Access-Control-Max-Age: 1728000

POST /resources/post-here/ HTTP/1.1
Host: bar.other
…
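How a server could decide the preflight answer shown above, using an explicit origin allowlist rather than `Access-Control-Allow-Origin: *`. This is an added example, not part of the original deck: the policy object, `answerPreflight`, and the 403 status for refusals are assumptions of the example.

```javascript
// Added example: server-side answer to the preflight shown in the slide.
// POLICY and answerPreflight are this example's own names (hypothetical).
const POLICY = {
  origins: new Set(["http://foo.example"]),     // exact origins, not "*"
  methods: new Set(["POST", "GET", "OPTIONS"]),
  headers: new Set(["x-pingother"]),            // stored lowercase
  maxAge: 1728000,                              // seconds the browser may cache the answer
};

// reqHeaders: object keyed by lowercase header name.
// Returns null when the request is not a preflight, so normal handling runs.
function answerPreflight(method, reqHeaders, policy = POLICY) {
  const origin = reqHeaders["origin"];
  const wantMethod = reqHeaders["access-control-request-method"];
  if (method !== "OPTIONS" || !origin || !wantMethod) return null;

  const wantHeaders = (reqHeaders["access-control-request-headers"] || "")
    .split(",").map((h) => h.trim()).filter(Boolean);

  // A refusal carries no Access-Control-* headers. That absence is what makes
  // the browser withhold the real request; the 403 is this example's choice.
  const refuse = (reason) => ({ status: 403, headers: { Vary: "Origin" }, reason });

  if (!policy.origins.has(origin)) return refuse("origin not allowed");
  if (!policy.methods.has(wantMethod)) return refuse("method not allowed");
  const extra = wantHeaders.filter((h) => !policy.headers.has(h.toLowerCase()));
  if (extra.length) return refuse("header not allowed: " + extra.join(", "));

  const headers = {
    // Echo only the origin that matched the allowlist. Vary tells caches that
    // the response differs per Origin.
    "Access-Control-Allow-Origin": origin,
    "Access-Control-Allow-Methods": [...policy.methods].join(", "),
    "Access-Control-Max-Age": String(policy.maxAge),
    Vary: "Origin",
  };
  if (wantHeaders.length) headers["Access-Control-Allow-Headers"] = wantHeaders.join(", ");
  return { status: 200, headers, reason: "ok" };
}

// The preflight from the slide, as a lowercase-keyed header object.
const SLIDE_PREFLIGHT = {
  host: "bar.other",
  origin: "http://foo.example",
  "access-control-request-method": "POST",
  "access-control-request-headers": "X-PINGOTHER",
};

console.log(answerPreflight("OPTIONS", SLIDE_PREFLIGHT));
// Constructed variant: same request from an origin that is not on the allowlist.
console.log(answerPreflight("OPTIONS", { ...SLIDE_PREFLIGHT, origin: "http://other.example" }));
```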
JSONP - "JSON with padding"
• Provides a method to request data from a server in a different
domain
• JSONP has nothing to do with Ajax, since it does not use
XMLHttpRequest. Instead it dynamically inserts
Step 1 - You need to create a callback function. The function accepts some data.
function w3r_callback(data){
    console.log(data);
}

Step 2 - Include a script in your web page which contains the callback function created in step 1 as a parameter
<script src="http://www.example.com?q=w3r_callback"></script>
Step 3 - It outputs a script which calls the function and requested data is passed
w3r_callback({
    "FirstName" : "xyz",
    "LastName" : "abc",
    "Grade" : "A"
});
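In step 3 the server writes the `q` parameter into a script that the page then executes, so the callback name has to be checked before it is reflected. The following is an added example, not part of the original deck: it shows the server side of step 3 plus a small simulation of steps 1 and 2, and `renderJsonp` and `simulateJsonp` are hypothetical names.

```javascript
// Added example: server side of step 3, with the callback name validated
// before it is written into the script. Names here are hypothetical.

// Accept only a plain identifier of bounded length as the callback name.
const CALLBACK_NAME = /^[A-Za-z_$][A-Za-z0-9_$]{0,63}$/;

function renderJsonp(callbackParam, data) {
  if (typeof callbackParam !== "string" || !CALLBACK_NAME.test(callbackParam)) {
    return { status: 400, headers: { "Content-Type": "text/plain" }, body: "invalid callback name" };
  }
  // JSON text is not always safe as script text: escape the two line
  // separators that older engines reject, and "<" so the data cannot
  // form a closing script tag.
  const json = JSON.stringify(data)
    .replace(/\u2028/g, "\\u2028")
    .replace(/\u2029/g, "\\u2029")
    .replace(/</g, "\\u003c");
  return {
    status: 200,
    headers: {
      "Content-Type": "application/javascript",
      "X-Content-Type-Options": "nosniff", // the response is script, not HTML
    },
    body: `${callbackParam}(${json});`,
  };
}

// Simulation of steps 1 and 2 outside a browser: define the callback, then
// run the returned script body as the <script> tag would. Returns what the
// callback received, or null when the server refused the callback name.
function simulateJsonp(q, data) {
  const response = renderJsonp(q, data);
  if (response.status !== 200) return null;
  let received;
  const callback = (payload) => { received = payload; };
  new Function(q, response.body)(callback); // q is a validated identifier here
  return received;
}

// The record from step 3 of the slide.
const STUDENT = { FirstName: "xyz", LastName: "abc", Grade: "A" };

console.log(renderJsonp("w3r_callback", STUDENT).body);
console.log(simulateJsonp("w3r_callback", STUDENT));
// Constructed invalid callback parameter: refused with 400.
console.log(renderJsonp("w3r_callback(1)", STUDENT).status);
```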
Resources
• http://www.httpwatch.com/httpgallery/introduction/
• http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
Paul Rowe
 
Generative Artificial Intelligence (GenAI) in Business
Generative Artificial Intelligence (GenAI) in BusinessGenerative Artificial Intelligence (GenAI) in Business
Generative Artificial Intelligence (GenAI) in Business
Dr. Tathagat Varma
 
Special Meetup Edition - TDX Bengaluru Meetup #52.pptx
Special Meetup Edition - TDX Bengaluru Meetup #52.pptxSpecial Meetup Edition - TDX Bengaluru Meetup #52.pptx
Special Meetup Edition - TDX Bengaluru Meetup #52.pptx
shyamraj55
 
SAP Modernization: Maximizing the Value of Your SAP S/4HANA Migration.pdf
SAP Modernization: Maximizing the Value of Your SAP S/4HANA Migration.pdfSAP Modernization: Maximizing the Value of Your SAP S/4HANA Migration.pdf
SAP Modernization: Maximizing the Value of Your SAP S/4HANA Migration.pdf
Precisely
 
Into The Box Conference Keynote Day 1 (ITB2025)
Into The Box Conference Keynote Day 1 (ITB2025)Into The Box Conference Keynote Day 1 (ITB2025)
Into The Box Conference Keynote Day 1 (ITB2025)
Ortus Solutions, Corp
 
Noah Loul Shares 5 Steps to Implement AI Agents for Maximum Business Efficien...
Noah Loul Shares 5 Steps to Implement AI Agents for Maximum Business Efficien...Noah Loul Shares 5 Steps to Implement AI Agents for Maximum Business Efficien...
Noah Loul Shares 5 Steps to Implement AI Agents for Maximum Business Efficien...
Noah Loul
 
#StandardsGoals for 2025: Standards & certification roundup - Tech Forum 2025
#StandardsGoals for 2025: Standards & certification roundup - Tech Forum 2025#StandardsGoals for 2025: Standards & certification roundup - Tech Forum 2025
#StandardsGoals for 2025: Standards & certification roundup - Tech Forum 2025
BookNet Canada
 
TrsLabs - Fintech Product & Business Consulting
TrsLabs - Fintech Product & Business ConsultingTrsLabs - Fintech Product & Business Consulting
TrsLabs - Fintech Product & Business Consulting
Trs Labs
 
Big Data Analytics Quick Research Guide by Arthur Morgan
Big Data Analytics Quick Research Guide by Arthur MorganBig Data Analytics Quick Research Guide by Arthur Morgan
Big Data Analytics Quick Research Guide by Arthur Morgan
Arthur Morgan
 
Build Your Own Copilot & Agents For Devs
Build Your Own Copilot & Agents For DevsBuild Your Own Copilot & Agents For Devs
Build Your Own Copilot & Agents For Devs
Brian McKeiver
 
TrustArc Webinar: Consumer Expectations vs Corporate Realities on Data Broker...
TrustArc Webinar: Consumer Expectations vs Corporate Realities on Data Broker...TrustArc Webinar: Consumer Expectations vs Corporate Realities on Data Broker...
TrustArc Webinar: Consumer Expectations vs Corporate Realities on Data Broker...
TrustArc
 
Transcript: #StandardsGoals for 2025: Standards & certification roundup - Tec...
Transcript: #StandardsGoals for 2025: Standards & certification roundup - Tec...Transcript: #StandardsGoals for 2025: Standards & certification roundup - Tec...
Transcript: #StandardsGoals for 2025: Standards & certification roundup - Tec...
BookNet Canada
 
AI EngineHost Review: Revolutionary USA Datacenter-Based Hosting with NVIDIA ...
AI EngineHost Review: Revolutionary USA Datacenter-Based Hosting with NVIDIA ...AI EngineHost Review: Revolutionary USA Datacenter-Based Hosting with NVIDIA ...
AI EngineHost Review: Revolutionary USA Datacenter-Based Hosting with NVIDIA ...
SOFTTECHHUB
 
DevOpsDays Atlanta 2025 - Building 10x Development Organizations.pptx
DevOpsDays Atlanta 2025 - Building 10x Development Organizations.pptxDevOpsDays Atlanta 2025 - Building 10x Development Organizations.pptx
DevOpsDays Atlanta 2025 - Building 10x Development Organizations.pptx
Justin Reock
 
What is Model Context Protocol(MCP) - The new technology for communication bw...
What is Model Context Protocol(MCP) - The new technology for communication bw...What is Model Context Protocol(MCP) - The new technology for communication bw...
What is Model Context Protocol(MCP) - The new technology for communication bw...
Vishnu Singh Chundawat
 
tecnologias de las primeras civilizaciones.pdf
tecnologias de las primeras civilizaciones.pdftecnologias de las primeras civilizaciones.pdf
tecnologias de las primeras civilizaciones.pdf
fjgm517
 
Cybersecurity Identity and Access Solutions using Azure AD
Cybersecurity Identity and Access Solutions using Azure ADCybersecurity Identity and Access Solutions using Azure AD
Cybersecurity Identity and Access Solutions using Azure AD
VICTOR MAESTRE RAMIREZ
 
How Can I use the AI Hype in my Business Context?
How Can I use the AI Hype in my Business Context?How Can I use the AI Hype in my Business Context?
How Can I use the AI Hype in my Business Context?
Daniel Lehner
 
2025-05-Q4-2024-Investor-Presentation.pptx
2025-05-Q4-2024-Investor-Presentation.pptx2025-05-Q4-2024-Investor-Presentation.pptx
2025-05-Q4-2024-Investor-Presentation.pptx
Samuele Fogagnolo
 
Role of Data Annotation Services in AI-Powered Manufacturing
Role of Data Annotation Services in AI-Powered ManufacturingRole of Data Annotation Services in AI-Powered Manufacturing
Role of Data Annotation Services in AI-Powered Manufacturing
Andrew Leo
 
How analogue intelligence complements AI
How analogue intelligence complements AIHow analogue intelligence complements AI
How analogue intelligence complements AI
Paul Rowe
 
Generative Artificial Intelligence (GenAI) in Business
Generative Artificial Intelligence (GenAI) in BusinessGenerative Artificial Intelligence (GenAI) in Business
Generative Artificial Intelligence (GenAI) in Business
Dr. Tathagat Varma
 

Introduction to HTTP protocol

  • 1. Introduction to HTTP
    Aviran Mordo
    Head Of Back-End Engineering @ Wix
    @aviranm
    http://www.linkedin.com/in/aviran
    http://www.aviransplace.com
  • 2. Intro
    • The Hyper Text Transfer Protocol (HTTP) is a client-server network protocol.
    • In use by the World-Wide Web since 1990.
    • It is based on the request-response paradigm.
  • 3. HTTP Request Message
    Request line (HTTP method, relative URL of the resource or a full URL, HTTP version):
      GET /website/template/photography/ HTTP/1.1
    Headers:
      Accept:*/*
      Accept-Language: en-gb
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 6.0)
      Host: www.httpwatch.com
      Connection: Keep-Alive
  • 4. HTTP Response
    Status line:
      HTTP/1.1 200 OK
    Headers:
      X-Seen-By: sputnik3.aus_dsp
      X-Seen-By: s3.aus_pp
      Date: Wed, 21 Aug 2013 09:02:49 GMT
      Server: Apache
      cache-control: max-age=604800
      cache-control: no-cache
      Pragma: no-cache
      Set-Cookie: _wixAB2=5371#5567#2014-03-19T14-27-00.000-0500|15711#3472#2014-08-13T11-01-00.0000500|14841#8565#2014-07-23T09-16-00.000-0500|15551#935#2014-08-11T07-55-00.000-0500|15451#3523#2014-08-07T0755-00.000-0500|14451#3267#2014-07-14T09-23-00.000-0500|15941#4497#2014-08-15T15-39-00.0000500|14951#8608#2014-07-28T07-24-00.000-0500|15861#7296#2014-08-15T10-02-00.000-0500|12891#3395#2014-06-23T0734-00.000-0500|13501#6547#2014-07-01T12-46-00.000-0500|15361#2985#2014-08-05T13-30-00.000-0500; Domain=.wix.com; Expires=Tue, 21-Aug-2018 14:06:39 GMT; Path=/
      Set-Cookie: _wixCIDX=7e98f6cd-1c79-4661-9312-6f7aaeebf932; Domain=.wix.com; Expires=Mon, 17-Feb-2014 09:02:49 GMT; Path=/
      Set-Cookie: _wixUIDX=10647958|1a2c4034-469d-4f4d-bbd9-17deddaf67ec; Domain=.wix.com; Expires=Mon, 17-Feb-2014 09:02:49 GMT; Path=/
      Vary: User-Agent,Accept-Encoding
      Content-Language: en
      Content-Encoding: gzip
      Content-Length: 8162
      Content-Type: text/html;charset=UTF-8
      Expires: 0
      Cache-Control: no-cache
    double CRLF (carriage return, line feed)
    Contents of the requested resource:
      <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1transitional.dtd">
      <html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://ogp.me/ns#" xmlns:fb="https://www.facebook.com/2008/fbml" >
      <head>
      <meta http-equ
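
The response layout above (status line, headers, double CRLF, body) can be parsed mechanically. The following is an added example, not code from the slides: a small JavaScript parser run over a constructed sample that keeps the slide's repeated X-Seen-By, cache-control and Set-Cookie fields (cookie values shortened). The function names are this example's own.

```javascript
// Constructed sample modelled on the slide's response; cookie values are placeholders.
const SAMPLE_RESPONSE = [
  "HTTP/1.1 200 OK",
  "X-Seen-By: sputnik3.aus_dsp",
  "X-Seen-By: s3.aus_pp",
  "cache-control: max-age=604800",
  "cache-control: no-cache",
  "Set-Cookie: _wixCIDX=constructed-1; Domain=.wix.com; Expires=Mon, 17-Feb-2014 09:02:49 GMT; Path=/",
  "Set-Cookie: _wixUIDX=constructed-2; Domain=.wix.com; Expires=Mon, 17-Feb-2014 09:02:49 GMT; Path=/",
  "Content-Type: text/html;charset=UTF-8",
  "Cache-Control: no-cache",
  "",
  "<!DOCTYPE html>",
].join("\r\n");

function parseResponse(raw) {
  // The header section ends at the first double CRLF; everything after it is the body.
  const split = raw.indexOf("\r\n\r\n");
  if (split === -1) throw new Error("no double CRLF: header section is incomplete");
  const [statusLine, ...headerLines] = raw.slice(0, split).split("\r\n");
  const m = /^HTTP\/(\d\.\d) (\d{3}) ?(.*)$/.exec(statusLine);
  if (!m) throw new Error("malformed status line");
  const headers = new Map(); // lower-cased field name -> values in arrival order
  for (const line of headerLines) {
    const colon = line.indexOf(":");
    // A line without a colon, or a name containing whitespace (obsolete line
    // folding), is rejected rather than guessed at.
    if (colon <= 0 || /\s/.test(line.slice(0, colon))) {
      throw new Error("malformed header line: " + line);
    }
    const name = line.slice(0, colon).toLowerCase();
    if (!headers.has(name)) headers.set(name, []);
    headers.get(name).push(line.slice(colon + 1).trim());
  }
  return { version: m[1], status: Number(m[2]), reason: m[3], headers, body: raw.slice(split + 4) };
}

// Repeated Cache-Control fields are one comma-separated list, so all of them
// count: here both max-age and no-cache apply to the same response.
function cacheDirectives(parsed) {
  const out = new Map();
  for (const field of parsed.headers.get("cache-control") || []) {
    for (const part of field.split(",")) {
      const [key, value] = part.trim().split("=");
      if (key) out.set(key.toLowerCase(), value === undefined ? true : value);
    }
  }
  return out;
}

// Set-Cookie is the exception: its Expires date contains a comma, so joining
// the fields and splitting on "," no longer yields one piece per cookie.
function piecesIfSetCookieWereMerged(parsed) {
  return parsed.headers.get("set-cookie").join(", ").split(",").length;
}

const parsedSample = parseResponse(SAMPLE_RESPONSE);
console.log(parsedSample.status, [...cacheDirectives(parsedSample).keys()],
  parsedSample.headers.get("set-cookie").length, piecesIfSetCookieWereMerged(parsedSample));
```
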
  • 5. Everything is an extendable convention
    • You may create your own headers
    • You may create your own methods
    • You may not implement some methods
    • You may not implement header logic
  • 6. HTTP Methods
    • GET - retrieve whatever information is identified by the Request-URI.
    • POST - used to send data to the server for updates.
    • PUT - requests that the enclosed entity be stored under the supplied Request-URI.
    • DELETE - requests that the origin server delete the resource identified by the Request-URI.
    • HEAD - identical to GET except that the server MUST NOT return a message-body in the response.
    • TRACE - allows the client to see what is being received at the other end of the request chain and use that data for testing or
  • 7. HTTP Headers
    • Accept: text/plain; - specify certain media types which are acceptable for the response.
    • Accept-Encoding: compress, gzip ;
    • Accept-Language: da, en-gb;q=0.8, en;q=0.7 ;
    • Cache-Control: max-age=0, must-revalidate
    • Vary: User-Agent,Accept-Encoding
    • ETag: "xyzzy"
    • Set-Cookie: _wixAB2=15361#2985#2014-08-05T13-30-00.000-0500
    • Access-Control-Allow-Origin: *
    • X-Seen-By: sputnik3.aus_dsp
    • X-Wix-Dispatcher-Cache-Hit: no
    • X-Wix-Renderer-Server: apu2.aus.wixpress.com
    • X-Wix-Not-Found-Reason: Meta Site was not found
  • 8. HTTP Status Codes and Errors
    • 1xx - Informational: an intermediate response indicating that the server has received the request but has not finished processing it.
    • 2xx - Successful: 200 OK
    • 3xx - Redirection: 301-permanent, 302-temporary
    • 4xx - Client Error: 400-bad request, 403-forbidden, 404-not found, 418 I'm a teapot
    • 5xx - Server Error: 500 Internal Server Error, 503-Service Unavailable, 504-Gateway Timeout
  • 9. Cookies
    Servers supply cookies by populating the Set-Cookie response header with the following details:
      Set-Cookie: name=value
    Name     Name of the cookie
    Value    Textual value to be held by the cookie
    Expires  Date/time when the cookie should be discarded by the browser. If this field is empty the cookie expires at the end of the current browser session. This field can also be used to delete a cookie by setting a date/time in the past.
    Path     Path below which the cookie should be supplied by the browser.
    Domain   Web site domain to which this cookie applies. This will default to the current domain and attempts to set cookies on other domains are subject to the privacy controls built into the browser.
  • 10. Type of cookies - Terminology
    • Session cookie - web browsers normally delete session cookies when the user closes the browser.
    • Persistent cookie - a persistent cookie will outlast user sessions; it expires on a set timestamp.
    • Secure cookie - a secure cookie has the Secure attribute enabled and is only used via HTTPS.
    • HttpOnly cookie - on a supported browser, used only when transmitting HTTP (or HTTPS) requests. Not accessible to JavaScript.
    • Third-party cookie - cookies that belong to domains different from the one shown in the address bar.
    • Supercookie - cookie with an origin of a TLD (such as .com).
    Browsers send cookies via the request header:
      Cookie: name=value; name2=value2
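
The attribute table and the terminology in the two cookie slides above can be applied to real Set-Cookie values. This is an added example, not code from the slides: it parses a Set-Cookie header, classifies the cookie as session, persistent or deleted, and lists what the missing Secure and HttpOnly attributes mean. The cookie values, the fixed clock and the function names are constructed for the example.

```javascript
// Constructed inputs: the first has the attribute shape shown in the slides,
// the second is a hardened session cookie, the third deletes a cookie.
const SAMPLE_COOKIES = [
  "_wixCIDX=constructed-id; Domain=.wix.com; Expires=Mon, 17-Feb-2014 09:02:49 GMT; Path=/",
  "sid=constructed-session; Path=/; Secure; HttpOnly",
  "old=; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Path=/",
];
// Fixed "current time" (the Date of the slide's response) so results are repeatable.
const SAMPLE_NOW = Date.UTC(2013, 7, 21, 9, 2, 49);

function parseSetCookie(header) {
  const parts = header.split(";").map((p) => p.trim()).filter(Boolean);
  const eq = parts[0].indexOf("=");
  if (eq <= 0) throw new Error("Set-Cookie must start with name=value");
  const cookie = { name: parts[0].slice(0, eq), value: parts[0].slice(eq + 1), attrs: {} };
  for (const attr of parts.slice(1)) {
    const i = attr.indexOf("=");
    // Attribute names are case-insensitive; flag attributes (Secure, HttpOnly) have no value.
    const key = (i === -1 ? attr : attr.slice(0, i)).toLowerCase();
    cookie.attrs[key] = i === -1 ? true : attr.slice(i + 1);
  }
  return cookie;
}

function auditCookie(header, now) {
  const c = parseSetCookie(header);
  const a = c.attrs;
  let expiry = null;
  if (a["max-age"] !== undefined) {
    expiry = now + Number(a["max-age"]) * 1000; // Max-Age takes precedence over Expires
  } else if (typeof a.expires === "string") {
    // Turn the dashed date form used in the slides (17-Feb-2014) into 17 Feb 2014.
    expiry = Date.parse(a.expires.replace(/(\d{1,2})-([A-Za-z]{3})-(\d{2,4})/, "$1 $2 $3"));
  }
  let lifetime = "session"; // no usable expiry: discarded when the browser session ends
  if (expiry !== null && !Number.isNaN(expiry)) {
    lifetime = expiry <= now ? "deleted" : "persistent"; // a past date deletes the cookie
  }
  const findings = [];
  if (!a.secure) findings.push("no Secure: also sent over plain HTTP");
  if (!a.httponly) findings.push("no HttpOnly: readable from page JavaScript");
  if (typeof a.domain === "string") {
    findings.push("Domain=" + a.domain + ": sent to that domain and its subdomains");
  }
  return { name: c.name, lifetime, findings };
}

function auditAll() {
  return SAMPLE_COOKIES.map((h) => auditCookie(h, SAMPLE_NOW));
}

for (const result of auditAll()) console.log(result.name, result.lifetime, result.findings);
```
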
  • 11. HTTP Caching
    • Preventing caching - Cache-Control: no-cache (HTTP 1.1); Pragma: no-cache (HTTP 1.0)
    • Last-Modified: Wed, 15 Sep 2004 12:00:00 GMT - browser can check the server for changes
    • Expires: Sun, 17 Jan 2038 19:14:07 GMT - browser can reuse the content without having to check the server
    Request:
      GET /images/logo.gif HTTP/1.1
      Accept: */*
      Referer: http://www.google.com/
      Accept-Encoding: gzip, deflate
      If-Modified-Since: Thu, 23 Sep 2004 17:42:04 GMT
      User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1;)
      Host: www.google.com
    Response:
      HTTP/1.1 304 Not Modified
      Content-Type: text/html
      Server: GWS/2.1
      Content-Length: 0
      Date: Thu, 04 Oct 2004 12:00:00 GMT
  • 12. HTTP Methods
    • GET is used to retrieve information from a specified URI and is assumed by browsers, caches and other HTTP-aware components to be a safe, repeatable operation with no side effects.
    • GET can only supply data in the form of parameters encoded in the URI (query string) or as cookies. Therefore, GET cannot be used for uploading files or other operations that require large amounts of data to be sent to the server.
    • POST is used for operations that have side effects and cannot be safely repeated.
    • A POST request message has a content body that is normally used to send parameters and data. Unlike using the request URI or cookies, there is no upper limit on the amount of data that can be sent.
  • 13. POST Request Method
    Headers:
      POST /httpgallery/methods/default.aspx HTTP/1.1
      Host: www.httpwatch.com
      User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:23.0) Gecko/20100101 Firefox/23.0
      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
      Accept-Language: en-US,en;q=0.5
      Accept-Encoding: gzip, deflate
      DNT: 1
      Referer: http://www.httpwatch.com/httpgallery/methods/
      Cookie: __utma=1.1256977602.1377003403.1377082307.1377092487.5; __utmc=1; __utmz=1.1377003403.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=(not%20provided); __utmb=1.4.9.1377092850054
      Proxy-Authorization: Basic b21lckB3aXguY29tOmg2M2ZycQ==
      Connection: keep-alive
      Content-Type: application/x-www-form-urlencoded
      Content-Length: 19
      Set-Cookie: _wixAB2=5371#5567#2014-03-19T14-27-00.000-0500|15711#3472#2014-08-13T11-01-00.0000500|14841#8565#2014-07-23T09-16-00.000-0500|15551#935#2014-08-11T07-55-00.000-0500|15451#3523#2014-08-07T0755-00.000-0500|14451#3267#2014-07-14T09-23-00.000-0500|15941#4497#2014-08-15T15-39-00.0000500|14951#8608#2014-07-28T07-24-00.000-0500|15861#7296#2014-08-15T10-02-00.000-0500|12891#3395#2014-06-23T0734-00.000-0500|13501#6547#2014-07-01T12-46-00.000-0500|15361#2985#2014-08-05T13-30-00.000-0500; Domain=.wix.com; Expires=Tue, 21-Aug-2018 14:06:39 GMT; Path=/
      Set-Cookie: _wixCIDX=7e98f6cd-1c79-4661-9312-6f7aaeebf932; Domain=.wix.com; Expires=Mon, 17-Feb-2014 09:02:49 GMT; Path=/
      Set-Cookie: _wixUIDX=10647958|1a2c4034-469d-4f4d-bbd9-17deddaf67ec; Domain=.wix.com; Expires=Mon, 17-Feb-2014 09:02:49 GMT; Path=/
      Cache-Control: no-cache
    double CRLF (carriage return, line feed)
    post data / body:
      Amount=10&B2=Submit
  • 14. Redirection
    • HTTP allows servers to redirect a client request to a different location, although this will usually result in another network round trip.
    301  Permanent redirect - content moved permanently to the location specified by the Location header, and future requests should be directed to this location.
    302  Temporary redirect - future requests should still be sent to the original location.
    303  This status code was intended to be the only status code that caused a POST to be converted to a GET. However, most browsers treat a 302 like a 303.
    304  Not modified - used in response to an If-Modified header to redirect a request to the browser's local cache.
    Example:
      HTTP/1.1 302 Found
      Cache-Control: private,Public
      Content-Length: 162
      Content-Type: text/html; charset=utf-8
      Location: /httpgallery/redirection/default.aspx#example
      Set-Cookie: balance=990; path=/httpgallery/redirection/
  • 15. HTTPS
    • The Secure Sockets Layer (SSL) was designed to encrypt any TCP/IP based network traffic and provide the following capabilities:
      • Prevents eavesdropping
      • Prevents tampering or replaying of messages
      • Uses certificates to authenticate servers and optionally clients
    • The HTTPS protocol is the same text based protocol as HTTP but is run over an encrypted SSL session.
  • 16. AJAX - Asynchronous JavaScript And XML
    • AJAX is a technology used by interactive web applications to make HTTP requests to a server without causing page transitions.
    • Requests have to go to the same domain as the page.
      <script type="text/javascript">
      function GetShoppingList() {
        // Create an instance of the HTTP request object
        var xmlHttp = new XMLHttpRequest();
        // Specify HTTP GET by default and supply the relative url
        xmlHttp.open("GET", "getlist.aspx", false);
        // Start a synchronous AJAX request and wait for the response
        xmlHttp.send(null);
        var targetNode = document.getElementById("divShoppingList");
        // Use the HTML returned from server to create list.
        // innerHTML parses the response as markup, so this relies on
        // getlist.aspx returning trusted HTML.
        targetNode.innerHTML = xmlHttp.responseText;
      }
      </script>
  • 17. Cross-origin resource sharing (CORS)
    • Allows JavaScript on a web page to make XMLHttpRequests to another domain.
    • "Preflighted" requests first send an HTTP OPTIONS method request to the resource on the other domain, to determine if the request is safe to send.
    Preflight request:
      OPTIONS /resources/post-here/ HTTP/1.1
      Host: bar.other
      User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; en-US; rv:1.9.1b3pre) Gecko/20081130 Minefield/3.1b3pre
      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
      Connection: keep-alive
      Origin: http://foo.example
      Access-Control-Request-Method: POST
      Access-Control-Request-Headers: X-PINGOTHER
    Preflight response:
      HTTP/1.1 200 OK
      Date: Mon, 01 Dec 2008 01:15:39 GMT
      Access-Control-Allow-Origin: http://foo.example
      Access-Control-Allow-Methods: POST, GET, OPTIONS
      Access-Control-Allow-Headers: X-PINGOTHER
      Access-Control-Max-Age: 1728000
    Actual request:
      POST /resources/post-here/ HTTP/1.1
      Host: bar.other
      …
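
The preflight exchange above is a decision the server on bar.other has to make. This is an added example, not code from the slides: a server-side function that answers a preflight from an explicit allowlist and returns the exact requesting origin instead of `*`. The POLICY object, the 403 for refused preflights and the function name are assumptions of the example; the request values are the ones shown in the slide.

```javascript
// Hypothetical policy for the bar.other server; values taken from the slide's exchange.
const POLICY = {
  origins: new Set(["http://foo.example"]),
  methods: new Set(["POST", "GET", "OPTIONS"]),
  headers: new Set(["x-pingother"]), // stored lower-case, header names are case-insensitive
  maxAge: 1728000,
};

// The preflight request from the slide, reduced to the fields the decision uses.
const PAGE_PREFLIGHT = {
  method: "OPTIONS",
  path: "/resources/post-here/",
  headers: {
    Host: "bar.other",
    Origin: "http://foo.example",
    "Access-Control-Request-Method": "POST",
    "Access-Control-Request-Headers": "X-PINGOTHER",
  },
};

function answerPreflight(req, policy) {
  const h = {};
  for (const [k, v] of Object.entries(req.headers)) h[k.toLowerCase()] = v;
  // A refusal carries no Access-Control-Allow-* headers; their absence is what
  // makes the browser withhold the real request. The 403 is this example's choice.
  const deny = { status: 403, headers: { Vary: "Origin" } };
  if (req.method !== "OPTIONS") return deny;

  const origin = h["origin"];
  const wantedMethod = h["access-control-request-method"];
  const wantedHeaders = (h["access-control-request-headers"] || "")
    .split(",").map((s) => s.trim().toLowerCase()).filter(Boolean);

  // Exact string match against the allowlist: no prefix, suffix or substring tests.
  if (!origin || !policy.origins.has(origin)) return deny;
  if (!wantedMethod || !policy.methods.has(wantedMethod)) return deny;
  if (!wantedHeaders.every((name) => policy.headers.has(name))) return deny;

  return {
    status: 200,
    headers: {
      "Access-Control-Allow-Origin": origin, // the one allowed origin, not "*"
      "Access-Control-Allow-Methods": [...policy.methods].join(", "),
      "Access-Control-Allow-Headers": wantedHeaders.join(", "),
      "Access-Control-Max-Age": String(policy.maxAge),
      Vary: "Origin", // the answer depends on Origin, so caches must key on it
    },
  };
}

console.log(answerPreflight(PAGE_PREFLIGHT, POLICY));
```
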
  • 18. JSONP - "JSON with padding"
    • Provides a method to request data from a server in a different domain.
    • JSONP has nothing to do with Ajax, since it does not use XMLHttpRequest. Instead it dynamically inserts
    Step 1 - You need to create a callback function. The function accepts some data.
      function w3r_callback(data){
        console.log(data);
      }
    Step 2 - Include a script in your web page which contains the callback function created in step 1 as a parameter.
      <script src="http://www.example.com?q=w3r_callback"></script>
    Step 3 - It outputs a script which calls the function, and the requested data is passed.
      w3r_callback({ "FirstName" : "xyz", "LastName" : "abc", "Grade" : "A" } );
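
Step 3 is produced by the server, and the page that included the script runs whatever comes back. This is an added example, not code from the slides: one way a server could build the step 3 output so that the callback name from the query string is checked and the data cannot break out of the script. The function names and the 64-character identifier limit are assumptions of the example.

```javascript
// Server side: build the body returned for ?q=<callback>.
function jsonpResponse(callback, data) {
  // Accept only a plain identifier; anything else would be echoed into
  // executable script on the requesting page.
  if (typeof callback !== "string" || !/^[A-Za-z_$][A-Za-z0-9_$]{0,63}$/.test(callback)) {
    return { status: 400, contentType: "text/plain", body: "invalid callback name" };
  }
  const json = JSON.stringify(data)
    .replace(/\u2028/g, "\\u2028") // line separators that older script parsers
    .replace(/\u2029/g, "\\u2029") // treat as line breaks inside a string
    .replace(/</g, "\\u003c");     // keeps "</script>" from appearing in the body
  return { status: 200, contentType: "application/javascript", body: callback + "(" + json + ");" };
}

// Stand-in for the browser executing the <script> response from step 2:
// the body runs with the named callback in scope and hands it the data.
function deliver(body, callbackName) {
  let received;
  new Function(callbackName, body)((data) => { received = data; });
  return received;
}

const pageData = { FirstName: "xyz", LastName: "abc", Grade: "A" }; // data from the slide
const ok = jsonpResponse("w3r_callback", pageData);
console.log(ok.body, deliver(ok.body, "w3r_callback"));
```
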