HTTP, HyperText Transfer Protocol


Description:

Protocol suite: TCP/IP.
Protocol type: Application layer file transfer protocol.
Ports:
    HTTP: 80, 8008, 8080 (TCP) server.
    S-HTTP: 80 (TCP) server.
    HTTPS: 443 (TCP) server over SSL/TLS.
Related protocols: WebDAV, Web Distributed Authoring and Versioning.
URI: http:, https:
MIME subtype: application/http, message/http, message/s-http.
Working groups:
    http, HyperText Transfer Protocol.
    httpbis, Hypertext Transfer Protocol Bis.
    httpstate, HTTP State Management Mechanism.
    webdav, WWW Distributed Authoring and Versioning.
    wts, Web Transaction Security.
Links:
    w3: HTTP Object Header lines.
    IANA: HTTP status codes.

RFC 1945:

HTTP is an application level protocol with the lightness and speed necessary for distributed, collaborative, hypermedia information systems. HTTP has been in use by the World-Wide Web global information initiative since 1990.

Secure HTTP (S-HTTP) is a secure message-oriented communications protocol designed for use in conjunction with HTTP. It is designed to coexist with HTTP's messaging model.

HTTPS is HTTP encapsulated in an SSL/TLS stream.


MAC header | IP header | TCP header | HTTP message :::

HTTP message:


Methods:

Method  References
DELETE RFC 1945
GET RFC 1945
HEAD RFC 1945
LINK RFC 1945
OPTIONS RFC 2068
PATCH RFC 2068
POST RFC 1945
PUT RFC 1945
TRACE RFC 2068
UNLINK RFC 1945

Header fields:

Header field  Description  References
A-IM  RFC 3229
Accept  RFC 2616
Accept-Additions  RFC 2324
Accept-Charset  RFC 2616
Accept-Encoding  RFC 2616
Accept-Features  RFC 2295
Accept-Language  RFC 2616
Accept-Ranges  RFC 2616
Age  RFC 2616
Allow  RFC 2616
Alternates  RFC 2295
Authentication-Info  RFC 2617
Authorization  RFC 2616
C-Ext  RFC 2774
C-Man  RFC 2774
C-Opt  RFC 2774
C-PEP  deprecated.
C-PEP-Info  deprecated.
Cache-Control  RFC 2616
Connection  RFC 2616
Content-Base  
Content-Disposition  RFC 2616
Content-Encoding  RFC 2616
Content-ID  
Content-Language  RFC 2616
Content-Length  RFC 2616
Content-Location  RFC 2616
Content-MD5  RFC 2616
Content-Range  RFC 2616
Content-Script-Type  
Content-Style-Type  
Content-Type  RFC 2616
Content-Version  
Cookie  RFC 2965
Cookie2  RFC 2965
DAV  RFC 2518
Date  RFC 2616
Default-Style  
Delta-Base  RFC 3229
Depth  RFC 2518
Derived-From  
Destination  RFC 2518
Differential-ID  
Digest  RFC 3230
ETag  RFC 2616
Expect  RFC 2616
Expires  RFC 2616
Ext  RFC 2774
From  RFC 2616
GetProfile  
Host  RFC 2616
IM  RFC 3229
If  RFC 2518
If-Match  RFC 2616
If-Modified-Since  RFC 2616
If-None-Match  RFC 2616
If-Range  RFC 2616
If-Unmodified-Since  RFC 2616
Keep-Alive  RFC 2068
Label  RFC 3253
Last-Modified  RFC 2616
Link  RFC 2068
Location  RFC 2616
Lock-Token  RFC 2518
MIME-Version  RFC 2616
Man  RFC 2774
Max-Forwards  RFC 2616
Meter  RFC 2227
Negotiate  RFC 2295
Opt  RFC 2774
Ordering-Type  RFC 3648
Overwrite  RFC 2518
P3P  
PEP  
Pep-Info  
PICS-Label  
Position  RFC 3648
Pragma  RFC 2616
ProfileObject  
Protocol  
Protocol-Info  
Protocol-Query  
Protocol-Request  
Proxy-Authenticate  RFC 2616
Proxy-Authentication-Info  RFC 2617
Proxy-Authorization  RFC 2616
Proxy-Features  
Proxy-Instruction  
Public  RFC 2068
Range  RFC 2616
Referer  RFC 2616
Retry-After  RFC 2616
Safe  RFC 2310
Security-Scheme  RFC 2660
Server  RFC 2616
Set-Cookie  RFC 2109
Set-Cookie2  RFC 2965
SetProfile  
SoapAction  
Status-URI  RFC 2518
Surrogate-Capability  
Surrogate-Control  
TCN  Transparent Content Negotiation.  RFC 2295
TE  RFC 2616
Timeout  RFC 2518
Trailer  RFC 2616
Transfer-Encoding  RFC 2616
URI  RFC 2068
Upgrade  RFC 2616
User-Agent  RFC 2616
Variant-Vary  RFC 2295
Vary  RFC 2616
Via  RFC 2616
WWW-Authenticate  RFC 2616
Want-Digest  RFC 3230
Warning  RFC 2616

Status code categories:

Category  Description
1yz  Informational.
2yz  Success.
3yz  Redirection.
4yz  Client error.
5yz  Server error.

HTTP status codes:

Code  Description  References
100  Continue.  RFC 2616
101  Switching protocols.  RFC 2616
102  Processing.  RFC 2518
200  Ok.
201  Created.
202  Accepted.
203  Non-authoritative information.
204  No content.
205  Reset content.
206  Partial content.
226  IM used.
300  Multiple choices.
301  Moved permanently.
302  Moved temporarily.
303  See other.
304  Not modified.
305  Use proxy.
400  Bad request.
401  Unauthorized.
402  Payment required.
403  Forbidden.
404  Not found.
405  Method not allowed.
406  Not acceptable.
407  Proxy authentication required.
408  Request timeout.
409  Conflict.
410  Gone.
411  Length required.
412  Precondition failed.
413  Request entity too large.
414  Request URI too large.
415  Unsupported media type.
426  Upgrade Required.
427
428  Precondition Required.  RFC 6585
429  Too Many Requests.  RFC 6585
430
431  Request Header Fields Too Large.  RFC 6585
500  Internal server error.  RFC 2616
501  Not implemented.  RFC 2616
502  Bad gateway.  RFC 2616
503  Service unavailable.  RFC 2616
504  Gateway timeout.  RFC 2616
505  HTTP version not supported.  RFC 2616
506  Variant Also Negotiates (Experimental).  RFC 2295
507  Insufficient Storage.  RFC 4918
508  Loop Detected.  RFC 5842
509
510  Not Extended.  RFC 2774
511  Network Authentication Required.  RFC 6585

Glossary:

Age.
The elapsed time since a response was sent by, or successfully validated with, the origin server.

Cache.
(RFC 1945) A program's local store of response messages and the subsystem that controls its message storage, retrieval, and deletion. A cache stores cachable responses in order to reduce the response time and network bandwidth consumption on future, equivalent requests. Any client or server may include a cache, though a cache cannot be used by a server while it is acting as a tunnel.

Client.
(RFC 1945) An application program that establishes connections for the purpose of sending requests.

Entity.
(RFC 1945) A particular representation or rendition of a data resource, or reply from a service resource, that may be enclosed within a request or response message. An entity consists of metainformation in the form of entity headers and content in the form of an entity body.

Explicit expiration time.
(RFC 2068) The time at which the origin server intends that an entity should no longer be returned by a cache without further validation.

First-hand.
(RFC 2068) A response is first-hand if it comes directly and without unnecessary delay from the origin server, perhaps via one or more proxies. A response is also first-hand if its validity has just been checked directly with the origin server.

Fresh.
(RFC 2068) A response is fresh if its age has not yet exceeded its freshness lifetime.

Freshness lifetime.
(RFC 2068) The length of time between the generation of a response and its expiration time.

Gateway.
(RFC 1945) A server which acts as an intermediary for some other server. Unlike a proxy, a gateway receives requests as if it were the origin server for the requested resource; the requesting client may not be aware that it is communicating with a gateway. Gateways are often used as server-side portals through network firewalls and as protocol translators for access to resources stored on non-HTTP systems.

Heuristic expiration time.
(RFC 2068) An expiration time assigned by a cache when no explicit expiration time is available.

Proxy.
(RFC 1945) An intermediary program which acts as both a server and a client for the purpose of making requests on behalf of other clients. Requests are serviced internally or by passing them, with possible translation, on to other servers. A proxy must interpret and, if necessary, rewrite a request message before forwarding it. Proxies are often used as client-side portals through network firewalls and as helper applications for handling requests via protocols not implemented by the user agent.

Origin server.
(RFC 1945) The server on which a given resource resides or is to be created.

Semantically transparent.
(RFC 2068) A cache behaves in a "semantically transparent" manner, with respect to a particular response, when its use affects neither the requesting client nor the origin server, except to improve performance. When a cache is semantically transparent, the client receives exactly the same response (except for hop-by-hop headers) that it would have received had its request been handled directly by the origin server.

Server.
(RFC 1945) An application program that accepts connections in order to service requests by sending back responses.

Stale.
(RFC 2068) A response is stale if its age has passed its freshness lifetime.

Tunnel.
(RFC 1945) A tunnel is an intermediary program which is acting as a blind relay between two connections. Once active, a tunnel is not considered a party to the HTTP communication, though the tunnel may have been initiated by an HTTP request. The tunnel ceases to exist when both ends of the relayed connections are closed. Tunnels are used when a portal is necessary and the intermediary cannot, or should not, interpret the relayed communication.

User agent.
(RFC 1945) The client which initiates a request. These are often browsers, editors, spiders (web-traversing robots), or other end user tools.

Validator.
(RFC 2068) A protocol element (e.g., an entity tag or a Last-Modified time) that is used to find out whether a cache entry is an equivalent copy of an entity.

Variant.
(RFC 2068) A resource may have one, or more than one, representation(s) associated with it at any given instant. Each of these representations is termed a `variant.' Use of the term `variant' does not necessarily imply that the resource is subject to content negotiation.


RFCs:

[RFC 1945] Hypertext Transfer Protocol -- HTTP/1.0.

[RFC 2145] Use and interpretation of HTTP version numbers.

[RFC 2169] A Trivial Convention for using HTTP in URN Resolution.

[RFC 2227] Simple Hit-Metering and Usage-Limiting for HTTP.

[RFC 2291] Requirements for a Distributed Authoring and Versioning Protocol for the World Wide Web.

[RFC 2295] Transparent Content Negotiation in HTTP.

[RFC 2296] HTTP Remote Variant Selection Algorithm -- RVSA/1.0.

[RFC 2310] The Safe Response Header Field.

[RFC 2324] Hyper Text Coffee Pot Control Protocol (HTCPCP/1.0).

[RFC 2518] HTTP Extensions for Distributed Authoring -- WEBDAV.

[RFC 2560] X.509 Internet Public Key Infrastructure Online Certificate Status Protocol - OCSP.

[RFC 2585] Internet X.509 Public Key Infrastructure Operational Protocols: FTP and HTTP.

[RFC 2616] Hypertext Transfer Protocol -- HTTP/1.1.

[RFC 2617] HTTP Authentication: Basic and Digest Access Authentication.

[RFC 2660] The Secure HyperText Transfer Protocol.

[RFC 2774] An HTTP Extension Framework.

[RFC 2817] Upgrading to TLS Within HTTP/1.1.

[RFC 2818] HTTP Over TLS.

[RFC 2936] HTTP MIME Type Handler Detection.

[RFC 2964] Use of HTTP State Management.

[RFC 2965] HTTP State Management Mechanism.

[RFC 3143] Known HTTP Proxy/Caching Problems.

[RFC 3205] On the use of HTTP as a Substrate.

[RFC 3229] Delta encoding in HTTP.

[RFC 3230] Instance Digests in HTTP.

[RFC 3253] Versioning Extensions to WebDAV (Web Distributed Authoring and Versioning).

[RFC 3648] Web Distributed Authoring and Versioning (WebDAV) Ordered Collections Protocol.

[RFC 3675] .sex Considered Dangerous.

[RFC 3875] The Common Gateway Interface (CGI) Version 1.1.

[RFC 4130] MIME-Based Secure Peer-to-Peer Business Data Interchange Using HTTP, Applicability Statement 2 (AS2).

[RFC 4169] Hypertext Transfer Protocol (HTTP) Digest Authentication Using Authentication and Key Agreement (AKA) Version-2.

[RFC 4236] HTTP Adaptation with Open Pluggable Edge Services (OPES).

[RFC 5988] Web Linking.

[RFC 5989] A SIP Event Package for Subscribing to Changes to an HTTP Resource.

[RFC 6585] Additional HTTP Status Codes.


Publications:


Obsolete RFCs:

[RFC 2068] Hypertext Transfer Protocol -- HTTP/1.1.

[RFC 2069] An Extension to HTTP : Digest Access Authentication.

[RFC 2109] HTTP State Management Mechanism.

