{"id":25633,"date":"2023-10-26T14:05:12","date_gmt":"2023-10-26T12:05:12","guid":{"rendered":"https:\/\/enginsight.com\/blog\/http-a-look-behind-the-scenes-of-the-internet\/"},"modified":"2023-10-26T14:05:18","modified_gmt":"2023-10-26T12:05:18","slug":"http-a-look-behind-the-scenes-of-the-internet","status":"publish","type":"post","link":"https:\/\/enginsight.com\/en\/blog\/http-a-look-behind-the-scenes-of-the-internet\/","title":{"rendered":"HTTP: A look behind the scenes of the Internet"},"content":{"rendered":"<p><em>If you think about it more closely, it&#x2019;s actually almost magical. You enter a character string in the address bar of your browser, press Enter once and you see the weather report for the weekend or the latest football results. But have you ever thought about what was going on in the background until you discovered, to your dismay, that TSV Gr&#xFC;nkraut had lost again? HTTP plays a central role here.<\/em><\/p>\n\n<h2 class=\"wp-block-heading\">The HTTP protocol<\/h2>\n\n<p>As a normal user, you would hardly notice it if it weren&#x2019;t at the beginning of so many URLs, but communication throughout the World Wide Web is based on the HTTP protocol. In this article we want to take a closer look at the so-called <strong>HTTP request-response cycle<\/strong>, i.e. everything that happens in the background from entering the URL to displaying the website in the browser.<\/p>\n\n<h3 class=\"wp-block-heading\" id=\"httpnachrichtenrequestresponse\">HTTP messages: request and response<\/h3>\n\n<p><strong>HTTP<\/strong> stands for &#x201C;Hypertext Transfer Protocol&#x201D;. It is now mainly used to load websites from the WWW into a web browser. The &#x201C;communication units&#x201D; in HTTP are called messages. In principle there are two different types of HTTP messages.   The <strong><em>request<\/em> <em>goes<\/em><\/strong> from the user (often called the <strong><em>client<\/em><\/strong> in this context) to the server. The <strong><em>response<\/em> <em>goes<\/em><\/strong> from the <strong>server<\/strong> to the user in response. Let&#x2019;s look at an example.<\/p>\n\n<p>A user (let&rsquo;s call him Herbert) wants to access a website, e.g. the Stones &amp; Weeds online shop. Herbert would like to take a look at the newly added products from the &ldquo;Stones&rdquo; category. He therefore types the following URL into his browser: <code>http:\/\/www.SteineundUnkraut.org \/Neu\/Steine.html<\/code> The browser then sends an HTTP request to the server on which the online shop&#x2019;s website is located. This processes the request and sends an HTTP response. But what exactly does an HTTP message look like?<\/p>\n\n<h3 class=\"wp-block-heading\" id=\"httpnachrichtenaufbau\">HTTP messages: structure<\/h3>\n\n<p>A typical HTTP message consists of 3 parts, the <em>start line<\/em>, the message <em>header<\/em> and the message <em>body<\/em>. The information contained in these three parts depends on whether the HTTP message is an HTTP request or an HTTP response.<\/p>\n\n<h3 class=\"wp-block-heading\" id=\"httpanfrage\">HTTP request<\/h3>\n\n<p>The <strong>start line<\/strong> in an HTTP request initially contains the <em>method<\/em>, a command that tells the server what it should actually do. Two very well-known examples of HTTP methods are <em>GET<\/em> (tells the server to send data to the user) and <em>POST<\/em> (tells the server to save data to the database). In our example, the method would be <em>GET<\/em> because Herbert&#x2019;s browser requests data (the website) from the server.<\/p>\n\n<p>Next in the start line is the <em>URI<\/em>, not to be confused with the <em>URL<\/em>. URIs are used for identification and URLs for localization. But be careful, localization also means identification. For example, you can identify a person based on where they live. So all URLs are URIs at the same time. However, there are URIs that are not URLs. For example, is <code>SteineundUnkraut.org<\/code> a URI and <code>http:\/\/www.SteineundUnkraut.org<\/code> is a URL because not only does it identify the web page, but HTTP also shows us where the resource (the web page) is.  <\/p>\n\n<p>At the end of the start line, the browser tells you which <em>HTTP version<\/em> it is using. The starting line from our example could look like this:  <code>GET \/Neu\/Steine.html HTTP 1.0<\/code><\/p>\n\n<p>The <strong>request headers<\/strong> are basically pairs consisting of a name (case sensitive) followed by a colon and a value. Headers specify certain rules and information, e.g. the host. This is the address of the server to which we send the request.  In the headers you can also specify, for example, which language the client accepts as a response (<em>Accept Language<\/em>). The request headers in our example could look like this:<br><code>Host: www.SteineundUnkraut.org<\/code><br><code>Accept-Language: de<\/code><\/p>\n\n<p>We need an HTTP request <strong>body<\/strong> at this point, but not in our example.<\/p>\n\n<h3 class=\"wp-block-heading\" id=\"httpantwort\">HTTP response<\/h3>\n\n<p>There is no method or URI in the <strong>start line<\/strong> of the HTTP response. Here we only have the <em>HTTP version<\/em> and a <em>status code<\/em>. This status code tells the user whether the request was successful or failed. Status Code <em>200<\/em> returns &#x201C;<em>OK<\/em>&#x201D; and means that the request was processed successfully and the result is transmitted in the response. The code, on the other hand, which probably every Internet user knows: <em>404<\/em> returns &#x201C;<em>not found<\/em>&#x201D; and means that the requested resource was not found. But there are many others.<\/p>\n\n<p>For example, status code <em>418<\/em> returns &#x201C;<em>I&#x2019;m a teapot<\/em>&#x201D; and indicates that the server refuses to make coffee because it is a teapot. This error message is part of the &#x201C;Hyper Text Coffee Pot Control Protocol&#x201D; and was intended as an extension for HTTP &#x2013; but only as an April Fool&#x2019;s joke. Nevertheless, the error was also implemented by humorous developers in well-known software projects (e.g. Google&#x2019;s Go programming language).<\/p>\n\n<p>The <strong>response headers<\/strong> have the same format as the request headers. However, you can use it to specify other information and rules. For example, the time of sending (<em>date<\/em>) or information about the web server used. The response headers in our example could look like this:<br><code>Date: Tue, 27 Feb 2018 08:12:31 GMT<\/code><br><code>Server: Apache\/1.3.27 (Unix) (Red-Hat\/Linux)<\/code><\/p>\n\n<p>The <strong>response body<\/strong> then contains the desired data, i.e. the website.<\/p>\n\n<p>Depending on the method, HTTP version, etc., you <em>may have to<\/em> send different headers or no headers at all. However, you <em>can<\/em> select and send as many of the official headers defined in the HTTP standard as you deem necessary. As a rule, there is not just one HTTP request and HTTP response, but several. For example, there is an extra exchange for an image that is on the website.<\/p>\n\n<h3 class=\"wp-block-heading\" id=\"sicherheitdurchhttpheader\">IT security through HTTP headers<\/h3>\n\n<p>HTTP headers also play a major role from security aspects. For example, they are a simple way to actively protect visitors to a website. <\/p>\n\n<p>You can find out exactly how this works and which HTTP headers you should definitely set in one of our next blog posts: <a href=\"https:\/\/enginsight.com\/de\/blog\/benoetige-ich-https\/\"><strong>Data security: Do I need HTTPS?<\/strong><\/a><\/p>\n\n<p>If you would like to check now whether these important headers are set for you, register with Enginsight and test our platform free of charge for 14 days.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>If you think about it more closely, it&#x2019;s actually almost magical. You enter a character string in the address bar of your browser, press Enter once and you see the weather report for the weekend or the latest football results. But have you ever thought about what was going on in the background until you [&#x2026;]<\/p>\n","protected":false},"author":8,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"content-type":"","_eb_attr":"","footnotes":""},"categories":[244],"tags":[],"class_list":["post-25633","post","type-post","status-publish","format-standard","hentry","category-endpoint-network-security"],"_links":{"self":[{"href":"https:\/\/enginsight.com\/en\/wp-json\/wp\/v2\/posts\/25633","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/enginsight.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/enginsight.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/enginsight.com\/en\/wp-json\/wp\/v2\/users\/8"}],"replies":[{"embeddable":true,"href":"https:\/\/enginsight.com\/en\/wp-json\/wp\/v2\/comments?post=25633"}],"version-history":[{"count":0,"href":"https:\/\/enginsight.com\/en\/wp-json\/wp\/v2\/posts\/25633\/revisions"}],"wp:attachment":[{"href":"https:\/\/enginsight.com\/en\/wp-json\/wp\/v2\/media?parent=25633"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/enginsight.com\/en\/wp-json\/wp\/v2\/categories?post=25633"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/enginsight.com\/en\/wp-json\/wp\/v2\/tags?post=25633"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}