
Understanding Web Protocols: HTTP vs HTTPS and Server Response Codes


HTTP vs HTTPS Protocols

HTTP serves as the foundational protocol for data exchange on the web, utilizing TCP to establish a standard for client-server communication. It focuses on efficiently fetching hypertext resources from servers to browsers.

HTTPS acts as the secure extension of HTTP, incorporating an SSL/TLS layer to protect data in transit. The security of HTTPS relies entirely on this cryptographic protocol.

Key distinctions between the two include:

  • Certification: Securing a domain with HTTPS requires obtaining an X.509 certificate from a Certificate Authority (CA), which typically incurs a cost, whereas HTTP operates without certificates.
  • Data Transmission: HTTP transfers data in plaintext, making it vulnerable to interception. HTTPS encrypts the payload using SSL/TLS, ensuring confidentiality.
  • Network Ports: By default, HTTP communicates over port 80, while HTTPS operates on port 443.
  • Security Model: HTTP is inherently stateless and lacks built-in security mechanisms. HTTPS integrates cryptographic protocols to provide data encryption and identity authentication.

Synchronous vs Asynchronous Communication

  • Synchronous: Operations execute sequentially. A subsequent request is dispatched only after receiving the response from the prior one. This blocking approach mitigates race conditions and prevents data inconsistencies.
  • Asynchronous: Requests are fired off independently, without waiting for preceding responses. This non-blocking model maximizes throughput and supports high concurrency.
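
The race-condition point above, as an added example that is not part of the original article: three withdrawals against one balance are run sequentially, concurrently, and concurrently behind a lock (the lock goes beyond what the text covers). `Account`, `withdraw` and the amounts are constructed for illustration.

```python
import asyncio

class Account:
    def __init__(self, balance):
        self.balance = balance

async def withdraw(account, amount):
    """Check-then-act with a suspension point between the read and the write."""
    current = account.balance           # read shared state
    await asyncio.sleep(0)              # stands in for awaiting I/O; other tasks run here
    if current < amount:
        return False
    account.balance = current - amount  # write based on a possibly stale read
    return True

async def sequential(balance, amount, n):
    """Synchronous style: each request finishes before the next one starts."""
    account = Account(balance)
    approved = [await withdraw(account, amount) for _ in range(n)]
    return account.balance, sum(approved)

async def concurrent(balance, amount, n, locked=False):
    """Asynchronous style: all requests in flight at once, optionally serialized."""
    account = Account(balance)
    lock = asyncio.Lock() if locked else None

    async def one():
        if lock is None:
            return await withdraw(account, amount)
        async with lock:                # only one check-then-act at a time
            return await withdraw(account, amount)

    approved = await asyncio.gather(*(one() for _ in range(n)))
    return account.balance, sum(approved)

def compare(balance=100, amount=60, n=3):
    """Return (final_balance, approved_count) for each execution model."""
    return {
        "sequential": asyncio.run(sequential(balance, amount, n)),
        "concurrent": asyncio.run(concurrent(balance, amount, n)),
        "concurrent+lock": asyncio.run(concurrent(balance, amount, n, locked=True)),
    }

if __name__ == "__main__":
    for model, (left, approved) in compare().items():
        print(f"{model:16} balance={left:3} approved={approved}")
```

In the unlocked concurrent run every task reads the balance before any task writes it, so all three withdrawals are approved although the balance covers only one.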

HTTP Response Status Codes

2xx (Successful)

The request was received, understood, and processed successfully.

  • 200 OK: The standard response for successful HTTP requests.
  • 201 Created: The request succeeded, and a new resource was generated.
  • 202 Accepted: The request has been accepted for processing but has not been completed.
  • 203 Non-Authoritative Information: The returned metadata originates from a third-party source rather than the origin server.
  • 204 No Content: The server successfully processed the request but is not returning any content.
  • 205 Reset Content: The server requests the client to reset the document view.
  • 206 Partial Content: The server is delivering only a portion of the resource due to a range header sent by the client.

3xx (Redirection)

Further action must be taken to complete the request.

  • 300 Multiple Choices: Multiple resource options are available for the target URL.
  • 301 Moved Permanently: The resource has been permanently moved to a new URL.
  • 302 Found: The resource is temporarily located at a different URL.
  • 303 See Other: The client must retrieve the response via a GET request to a different URI.
  • 304 Not Modified: Indicates that the cached version of the resource remains unchanged since the last request.
  • 305 Use Proxy: The requested resource must be accessed through the specified proxy.
  • 307 Temporary Redirect: The resource is temporarily available at a different URL, and the HTTP method must not be changed.
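
An added example (not from the original article) that ties the plaintext-versus-HTTPS distinction to the redirect codes above: it parses raw responses a server returned over plain HTTP and reports whether each one moves the client to HTTPS, and whether it does so permanently (301) or temporarily (302, 303, 307). The host `shop.example`, the finding labels and the sample responses are constructed for illustration.

```python
from urllib.parse import urljoin, urlsplit

def parse_response(raw: bytes):
    """Split a raw HTTP/1.x response into (status_code, headers)."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    status_line, *header_lines = head.split("\r\n")
    parts = status_line.split(" ", 2)
    if len(parts) < 2 or not parts[0].startswith("HTTP/") or not parts[1].isdigit():
        raise ValueError(f"malformed status line: {status_line!r}")
    headers = {}
    for line in header_lines:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()  # header names are case-insensitive
    return int(parts[1]), headers

def audit_plaintext(request_url: str, raw: bytes) -> str:
    """Classify how a server answered a request made over plain HTTP."""
    status, headers = parse_response(raw)
    if 200 <= status < 300:
        return "content-served-in-plaintext"
    if status not in (301, 302, 303, 307):
        return f"no-upgrade-status-{status}"
    location = headers.get("location")
    if not location:
        return "redirect-without-location"
    # A relative Location resolves against the request URL, so it stays on http://.
    if urlsplit(urljoin(request_url, location)).scheme != "https":
        return "redirect-stays-on-http"
    # Only 301 tells the client the move is permanent; the others apply to this request only.
    return "permanent-https-upgrade" if status == 301 else "temporary-https-upgrade"

# Constructed sample responses, as if captured from port 80 of shop.example.
SAMPLES = {
    "permanent": b"HTTP/1.1 301 Moved Permanently\r\nLocation: https://shop.example/cart\r\n\r\n",
    "temporary": b"HTTP/1.1 307 Temporary Redirect\r\nLOCATION: https://shop.example/cart\r\n\r\n",
    "relative": b"HTTP/1.1 301 Moved Permanently\r\nlocation: /login\r\n\r\n",
    "plaintext": b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n<form method=post>",
    "missing": b"HTTP/1.1 404 Not Found\r\nContent-Length: 0\r\n\r\n",
}

def audit_samples():
    """Run the audit over every constructed sample."""
    return {name: audit_plaintext("http://shop.example/cart", raw)
            for name, raw in SAMPLES.items()}

if __name__ == "__main__":
    for name, finding in audit_samples().items():
        print(f"{name:10} {finding}")
```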

4xx (Client Error)

The request contains invalid syntax or cannot be fulfilled by the server.

  • 400 Bad Request: The server cannot parse the malformed request syntax.
  • 401 Unauthorized: Authentication is required and has not been provided.
  • 403 Forbidden: The server refuses to authorize the request despite valid authentication.
  • 404 Not Found: The requested endpoint does not exist on the server.
  • 405 Method Not Allowed: The HTTP method used is not supported for the target resource.
  • 406 Not Acceptable: The server cannot produce a response matching the client's accepted content types.
  • 407 Proxy Authentication Required: Authentication is required by the intermediary proxy server.
  • 408 Request Timeout: The server timed out waiting for the complete request.
  • 409 Conflict: The request conflicts with the current state of the server.
  • 410 Gone: The resource has been permanently removed and is no longer available.
  • 411 Length Required: The request lacks a required Content-Length header.
  • 412 Precondition Failed: Preconditions defined in the request headers were not met.
  • 413 Payload Too Large: The request payload exceeds the server's capacity to process.
  • 414 URI Too Long: The requested URL is too long for the server to process.
  • 415 Unsupported Media Type: The payload format is unsupported by the target resource.
  • 416 Range Not Satisfiable: The requested byte range cannot be satisfied by the server.
  • 417 Expectation Failed: The expectation defined in the Expect header cannot be met by the server.

5xx (Server Error)

The server failed to fulfill a valid request due to an internal issue.

  • 500 Internal Server Error: The server encountered an unexpected condition that prevented it from fulfilling the request.
  • 501 Not Implemented: The server lacks the functionality to support the requested HTTP method.
  • 502 Bad Gateway: The gateway or proxy received an invalid response from the upstream server.
  • 503 Service Unavailable: The server is temporarily unable to handle the request due to overload or maintenance.
  • 504 Gateway Timeout: The gateway or proxy did not receive a timely response from the upstream server.
  • 505 HTTP Version Not Supported: The HTTP version used in the request is not supported by the server.
