Application protocol for distributed, collaborative, hypermedia information systems
HTTP
International standard
RFC 1945 HTTP/1.0
RFC 9110 HTTP Semantics
RFC 9111 HTTP Caching
RFC 9112 HTTP/1.1
RFC 9113 HTTP/2
RFC 7541 HTTP/2: HPACK Header Compression
RFC 8164 HTTP/2: Opportunistic Security for HTTP/2
RFC 8336 HTTP/2: The ORIGIN HTTP/2 Frame
RFC 8441 HTTP/2: Bootstrapping WebSockets with HTTP/2
RFC 9114 HTTP/3
RFC 9204 HTTP/3: QPACK: Field Compression
Developed by
initially CERN; IETF, W3C
Introduced
1991; 33 years ago (1991)
Website
https://httpwg.org/specs/
HTTP
Persistence
Compression
HTTPS
QUIC
Request methods
OPTIONS
GET
HEAD
POST
PUT
DELETE
TRACE
CONNECT
PATCH
Header fields
Cookie
ETag
Location
HTTP referer
DNT
X-Forwarded-For
Response status codes
301 Moved Permanently
302 Found
303 See Other
403 Forbidden
404 Not Found
451 Unavailable for Legal Reasons
Security access control methods
Basic access authentication
Digest access authentication
Security vulnerabilities
HTTP header injection
HTTP request smuggling
HTTP response splitting
HTTP parameter pollution
v
t
e
Internet protocol suite
Application layer
BGP
DHCP (v6)
DNS
FTP
HTTP (HTTP/3)
HTTPS
IMAP
IRC
LDAP
MGCP
MQTT
NNTP
NTP
OSPF
POP
PTP
ONC/RPC
RTP
RTSP
RIP
SIP
SMTP
SNMP
SSH
Telnet
TLS/SSL
XMPP
more...
Transport layer
TCP
UDP
DCCP
SCTP
RSVP
QUIC
more...
Internet layer
IP
v4
v6
ICMP (v6)
NDP
ECN
IGMP
IPsec
more...
Link layer
ARP
Tunnels
PPP
MAC
more...
v
t
e
The Hypertext Transfer Protocol (HTTP) is an application layer protocol in the Internet protocol suite model for distributed, collaborative, hypermedia information systems.[1] HTTP is the foundation of data communication for the World Wide Web, where hypertext documents include hyperlinks to other resources that the user can easily access, for example by a mouse click or by tapping the screen in a web browser.
Development of HTTP was initiated by Tim Berners-Lee at CERN in 1989 and summarized in a simple document describing the behavior of a client and a server using the first HTTP version, named 0.9.[2] That version was subsequently developed, eventually becoming the public 1.0.[3]
Development of early HTTP Requests for Comments (RFCs) started a few years later in a coordinated effort by the Internet Engineering Task Force (IETF) and the World Wide Web Consortium (W3C), with work later moving to the IETF.
HTTP/1 was finalized and fully documented (as version 1.0) in 1996.[4] It evolved (as version 1.1) in 1997 and then its specifications were updated in 1999, 2014, and 2022.[5]
Its secure variant named HTTPS is used by more than 85% of websites.[6]
HTTP/2, published in 2015, provides a more efficient expression of HTTP's semantics "on the wire". As of January 2024,[update] it is used by 36% of websites[7] and supported by almost all web browsers (over 98% of users).[8] It is also supported by major web servers over Transport Layer Security (TLS) using an Application-Layer Protocol Negotiation (ALPN) extension[9] where TLS 1.2 or newer is required.[10][11]
HTTP/3, the successor to HTTP/2, was published in 2022.[12] As of February 2024,[update] it is now used on 29% of websites[13] and is supported by most web browsers, i.e. (at least partially) supported by 97% of users.[14] HTTP/3 uses QUIC instead of TCP for the underlying transport protocol. Like HTTP/2, it does not obsolesce previous major versions of the protocol. Support for HTTP/3 was added to Cloudflare and Google Chrome first,[15][16] and is also enabled in Firefox.[17] HTTP/3 has lower latency for real-world web pages, if enabled on the server, and loads faster than with HTTP/2, in some cases over three times faster than HTTP/1.1 (which is still commonly only enabled).[18]
^Cite error: The named reference rfc9110 was invoked but never defined (see the help page).
^Tim Berner-Lee (1991-01-01). "The Original HTTP as defined in 1991". www.w3.org. World Wide Web Consortium. Retrieved 2010-07-24.
^Tim Berner-Lee (1992). "Basic HTTP as defined in 1992". www.w3.org. World Wide Web Consortium. Retrieved 2021-10-19.
^In RFC 1945. That specification was then overcome by HTTP/1.1.
^RFC 2068 (1997) was obsoleted by RFC 2616 in 1999, which was obsoleted by RFC 7230 in 2014, which was obsoleted by RFC 9110 in 2022.
^"Usage Statistics of Default protocol https for websites". w3techs.com. Retrieved 2024-01-05.
^"Usage Statistics of HTTP/2 for websites". w3techs.com. Retrieved 2024-01-05.
^"Can I use... Support tables for HTML5, CSS3, etc". caniuse.com. Retrieved 2024-01-05.
^Belshe, M.; Peon, R.; Thomson, M. "Hypertext Transfer Protocol Version 2, Use of TLS Features". Archived from the original on 2013-07-15. Retrieved 2015-02-10.
^Benjamin, David. Using TLS 1.3 with HTTP/2. doi:10.17487/RFC8740. RFC 8740. Retrieved 2020-06-02. This lowers the barrier for deploying TLS 1.3, a major security improvement over TLS 1.2.
^HTTP/3. 6 June 2022. doi:10.17487/RFC9114. RFC 9114. Retrieved 2022-06-06.
^"Usage Statistics of HTTP/3 for websites". w3techs.com. Retrieved 2024-01-08.
^"Can I use... Support tables for HTML5, CSS3, etc". canIuse.com. Retrieved 2024-01-08.
^Cimpanu, Catalin (26 September 2019). "Cloudflare, Google Chrome, and Firefox add HTTP/3 support". ZDNet. Retrieved 27 September 2019.
^"HTTP/3: the past, the present, and the future". The Cloudflare Blog. 2019-09-26. Retrieved 2019-10-30.
Protocol (HTTP) is an application layer protocol in the Internet protocol suite model for distributed, collaborative, hypermedia information systems. HTTP is...
communications, the HTTP 404, 404 not found, 404, 404 error, page not found, or file not found error message is a hypertext transfer protocol (HTTP) standard response...
Hypertext Transfer Protocol Secure (HTTPS) is an extension of the Hypertext Transfer Protocol (HTTP). It uses encryption for secure communication over...
This is a list of Hypertext Transfer Protocol (HTTP) response status codes. Status codes are issued by a server in response to a client's request made...
HTTP cookies (also called web cookies, Internet cookies, browser cookies, or simply cookies) are small blocks of data created by a web server while a user...
The 502 Bad Gateway error is an HTTP status code that occurs when a server acting as a gateway or proxy receives an invalid or faulty response from another...
The HTTP response status code 302 Found is a common way of performing URL redirection. The HTTP/1.0 specification (RFC 1945) initially defined this code...
HTTP 403 is an HTTP status code meaning access to the requested resource is forbidden. The server understood the request, but will not fulfill it, if...
In HTTP, "Referer" (a misspelling of Referrer) is an optional HTTP header field that identifies the address of the web page (i.e., the URI or IRI), from...
HTTP pipelining is a feature of HTTP/1.1, which allows multiple HTTP requests to be sent over a single TCP connection without waiting for the corresponding...
The HTTP response status code 303 See Other is a way to redirect web applications to a new URI, particularly after a HTTP POST has been performed, since...
The ETag or entity tag is part of HTTP, the protocol for the World Wide Web. It is one of several mechanisms that HTTP provides for Web cache validation...
HTTP compression is a capability that can be built into web servers and web clients to improve transfer speed and bandwidth utilization. HTTP data is...
In the context of an HTTP transaction, basic access authentication is a method for an HTTP user agent (e.g. a web browser) to provide a user name and...
On the World Wide Web, HTTP 301 is the HTTP response status code for 301 Moved Permanently. It is used for permanent redirecting, meaning that links or...
HTTP header fields are a list of strings sent and received by both the client program and server on every HTTP request and response. These headers are...
HTTP tunneling is used to create a network link between two computers in conditions of restricted network connectivity including firewalls, NATs and ACLs...
HTTP persistent connection, also called HTTP keep-alive, or HTTP connection reuse, is the idea of using a single TCP connection to send and receive multiple...
HTTP Strict Transport Security (HSTS) is a policy mechanism that helps to protect websites against man-in-the-middle attacks such as protocol downgrade...
HTTP response splitting is a form of web application vulnerability, resulting from the failure of the application or its environment to properly sanitize...
HTTP Status Code 402, also known as "Payment Required," is a standard response code in the Hypertext Transfer Protocol (HTTP). It is part of the HTTP/1...
HTTP Message Body is the data bytes transmitted in an HTTP transaction message immediately following the headers if there are any (in the case of HTTP/0...
In computer networking, HTTP 451 Unavailable For Legal Reasons is a proposed standard error status code of the HTTP protocol to be displayed when the...
The Wayback Machine is a digital archive of the World Wide Web founded by the Internet Archive, an American nonprofit organization based in San Francisco...
HTTP header injection is a general class of web application security vulnerability which occurs when Hypertext Transfer Protocol (HTTP) headers are dynamically...
hardware that accepts requests via HTTP (the network protocol created to distribute web content) or its secure variant HTTPS. A user agent, commonly a web...