Hypertext Transfer Protocol (HTTP): overview, operation, and versions

HTTP is the application-layer protocol for transferring web resources. This article explains its core concepts, common methods, history, major versions, security (HTTPS), and typical uses.

Overview

Hypertext Transfer Protocol — commonly written as HTTP — is an application-layer communications protocol used to request and deliver resources such as web pages, images and files across the internet. Designed originally to link hypertext documents, HTTP defines how a client and server exchange messages so that a user agent can retrieve representations identified by a URL or URI. Modern web browsing, APIs, and many distributed systems rely on HTTP as a fundamental transport for structured data and media.

Core concepts and structure

HTTP follows a request–response model. A client (often a web browser but also programs or crawlers) opens a connection to a server and sends a request that contains a method, a target, headers and sometimes a body. The server replies with a status line, headers and an optional body. Common request methods include GET, POST, PUT and DELETE; status codes are grouped by class (1xx informational, 2xx success, 3xx redirection, 4xx client error, 5xx server error). Headers communicate metadata such as content type, caching rules and authentication tokens.

Mechanisms that matter

Several features influence performance and behavior: persistent connections allow multiple requests on a single transport, caching reduces redundant transfers, cookies and other headers manage state, and content negotiation helps select appropriate formats. HTTP is stateless by design — each request is independent — but stateful interactions are built on top of it through cookies, tokens and other mechanisms. Tools such as web crawlers and search engines (for example, search engines and Google) rely on HTTP to fetch pages for indexing.

History and development

HTTP was created in the early 1990s by Tim Berners-Lee at CERN; the initial design aimed to make linked documents accessible across networks and machines, an idea that became the World Wide Web. Subsequent refinements standardized syntax, semantics and extensibility through a series of RFCs. Version 1.1 became the widespread baseline for many years, while later revisions focused on performance and security improvements to meet the demands of modern web applications.

Versions and notable differences

HTTP/1.1: text-based, widely supported, introduced persistent connections and many practical header fields.
HTTP/2: binary framing, multiplexing of requests over a single connection, header compression and better parallelism; adopted to reduce latency and improve throughput.
HTTP/3: runs over QUIC (a UDP-based transport), aims to reduce connection and transport latency further and improve resilience to packet loss.

Security: HTTPS

The secure form of the protocol, HTTPS, pairs HTTP semantics with encryption (typically TLS) so that headers and bodies are protected in transit. HTTPS normally uses port 443 instead of the default HTTP port 80 and prevents eavesdropping and tampering by malicious actors such as hackers. Today, most browsers and servers prefer or enforce HTTPS by default; sites that perform sensitive tasks such as online payments should always use it to protect user data.

Uses and practical considerations

HTTP is the backbone of browsing, content distribution and web APIs. Developers choose between versions and configurations depending on latency, compatibility and security requirements. When locating a resource, clients use a URI and typically connect to the server’s default port (port 80 for plain HTTP) to begin the exchange. Administrators and developers monitor header behavior, caching policies and TLS configuration to balance speed, scalability and privacy.