http
Hypertext Transfer Protocol (HTTP) is an application-layer protocol for transmitting hypermedia documents such as HTML. It is designed for communication between Web browsers and Web servers, but it can also be used for other purposes. HTTP follows the classic client-server model, where a client opens a connection to make a request and then waits for it to receive a server-side response. HTTP is a stateless protocol, meaning that the server does not retain any data (state) between requests. Although typically based on the TCP/IP layer, it can be used at any reliable transport layer; That is, a protocol that does not silently lose messages, such as UDP.
Http1.0 era
There are two main factors that affect an HTTP network request: bandwidth and latency.
-
Bandwidth: If we were still in the dial-up phase, bandwidth would be a serious problem, but now that the network infrastructure has improved bandwidth so much that we don’t have to worry about bandwidth affecting speed, all that’s left is latency.
-
Delay:
- HOL blocking: Browsers block requests for a number of reasons. A browser can have only four connections for the same domain name at a time (this may vary depending on the browser kernel). If the number of connections exceeds the threshold, subsequent requests will be blocked.
- DNS Lookup: The browser needs to know the IP address of the target server to establish a connection. The system that resolves domain names into IP addresses is called DNS. This can often be done with DNS caching results to reduce this time.
- Initial Connection: HTTP is based on TCP. The browser can set up an actual connection only after the third handshake. However, these connections cannot be reused, resulting in three handshakes and slow startup for each request. The effect of three-way handshake is more obvious in the case of high latency, and the effect of slow startup is more significant in the case of large file requests.
The main difference
HTTP1.0 was first used in 1996 for simple web pages and web requests, while HTTP1.1 was widely used in 1999 for web requests from major browsers, and is currently the most widely used HTTP protocol. The main differences are as follows:
-
HTTP1.0 mainly uses if-modified-since,Expires in the header. HTTP1.1 introduces more cache control policies such as Entity tag. If-unmodified-since, if-match, if-none-match, etc.
-
Bandwidth optimization and network connection, HTTP1.0, there are some waste of bandwidth, such as the client only needs a part of an object, and the server will send the whole object over, and does not support breakpoint continuation function, HTTP1.1 is introduced in the request header range header field, which allows only a part of the resource request, The return code is 206 (Partial Content), which makes it easy for developers to make the most of bandwidth and connections.
-
Error notification management, HTTP1.1 added 24 error status response code, such as 409 (Conflict) indicates that the requested resource and the current state of the resource Conflict; 410 (Gone) Indicates that a resource on the server is permanently deleted.
-
The Host header processing, in HTTP1.0, assumes that each server is bound to a unique IP address, so the URL in the request message does not pass the hostname. However, with the development of virtual hosting technology, there can be multiple virtual hosts (multi-homed Web Servers) on a physical server, and they share the same IP address. HTTP1.1 both Request and response messages should support the Host header field, and an error (400 Bad Request) will be reported if there is no Host header field in the Request message.
-
HTTP 1.1 supports long Connections and Pipelining processing that delivers multiple HTTP requests and responses over a SINGLE TCP connection, reducing the cost and latency of establishing and closing connections. Connection: keep-alive is enabled by default in HTTP1.1, somewhat compensating for the fact that HTTP1.0 creates a Connection on every request.
Https
HTTP Strict Transport Security (often referred to simply as HSTS) is a Security feature that tells the browser to access the current resource only through HTTPS, not HTTP.
Strict Transport Security solves this problem; As long as you access your bank’s website via an HTTPS request, and your bank’s website is configured with Strict Transport Security, your browser knows to automatically use HTTPS requests, which can prevent the hacker’s man-in-the-middle trick.
Strict Transport Security is enabled
To enable HSTS, simply return the strict-transport-securityHTTP header when accessing your site over HTTPS: strict-transport-security: max-age=expireTime [; includeSubdomains]
Some differences between HTTPS and HTTP
- For HTTPS, you need to apply for a certificate from a CA. Generally, a free certificate is rare and requires a fee.
- HTTP runs on TOP of TCP, and all transmitted content is in plain text. HTTPS runs on top of SSL/TLS, and SSL/TLS runs on top of TCP, and all transmitted content is encrypted.
- HTTP and HTTPS use completely different connections and use different ports, the former 80 and the latter 443.
- HTTPS can effectively prevent carrier hijacking, solving a big problem of anti-hijacking.
Use SPDY to speed up your website
In 2012, As a surprise, Google put forward the SPDY scheme, and people began to view and solve the problems of the old HTTP protocol from a positive perspective. SPDY can be said to be a transport protocol integrating HTTPS and HTTP. It mainly solves the following problems:
- Reduce latency. For HTTP’s high latency problem, SPDY elegantly takes multiplexing. Multiplexing can share a TCP connection through multiple request streams, which solves the problem of HOL blocking, reduces latency and improves bandwidth utilization.
- Request priorities. A new problem with multiplexing is that critical requests can be blocked on a shared connection basis. SPDY allows you to prioritize each request so that important requests get a response first. For example, when the browser loads the home page, the HTML content of the home page should be displayed first, and then all kinds of static resource files and script files are loaded, so as to ensure that users can see the content of the web page in the first time.
- The header compression. The http1.x header mentioned earlier is often redundant. Choosing the right compression algorithm can reduce the size and number of packets.
- HTTPS based encryption protocol transmission, greatly improves the reliability of transmitted data.
- For example, my web page has a sytl. CSS request. When the client receives sytl. CSS data, the server will push the sytl. js file to the client. When the client tries to retrieve sytle.js again, it can be retrieved directly from the cache without having to request it again. SPDY composition diagram:
SPDY sits below HTTP, on top of TCP and SSL, making it easy to accommodate older versions of HTTP (encapsulating http1.x content into a new frame format) while using existing SSL functionality.
HTTP2
HTTP2.0 is an updated version of SPDY. However, there are two main differences between HTTP2.0 and SPDY
● HTTP2.0 supports plaintext HTTP transport, while SPDY enforces HTTPS
● HTTP2.0 header compression algorithm uses HPACK instead of SPDY’s DEFLATE
Http2 new features
● The new Binary Format, http1.x parsing is text-based. There are natural defects in format parsing based on text protocol. There are various forms of text expression, and many scenarios must be considered in order to achieve robustness. Binary is different, only recognizing the combination of 0 and 1. Based on this consideration HTTP2.0 protocol parsing decision to adopt binary format, implementation is convenient and robust.
MultiPlexing = each request is used as a connection sharing mechanism. A request corresponds to an ID. In this way, a connection can have multiple requests. The requests of each connection can be randomly mixed together, and the receiver can assign the requests to different server requests according to the REQUEST ID. Multiplexing schematic diagram:
HTTP2.0 uses encoder to reduce the size of the header that needs to be transferred. The communication parties cache a table of header fields. This avoids duplicate header transmission and reduces the size of the required transmission.
● Server push. Like SPDY, HTTP2.0 has Server push functionality. The chrome console can be used to check whether H2 is enabled:
chrome=>Network= >Right-click Name =>√ProtocolCopy the code
reference
- MDN-http
- alloyTeam
- cnblogs
Put a little AD at the end of it
- www.yuque.com/richlab/joi… (Here’s JD details)
Ant Financial, RichLab (Alipay spending and borrowing team) recruitment, P5-P8, graduates can, base: Chongqing, Hangzhou, Beijing; After all, I am Zhangjiahui from southwest China, and I give priority to Chongqing. People from Sichuan and Chongqing, or students who want to feel the style of Chongqing, are welcome to flirt. Green software: LpovexjnCopy the code