Backend : HTTP OR HTTPS
HTTPS OR HTTPs : Backend

HTTPS OR HTTPs : Backend

Saurabh Upadhyay's photo
Saurabh Upadhyay
·

9 min read

Table of contents

What is the difference between http or https ?
HTTP = Hyper Text Transfer Protocol
HTTPs = Hyper Text Transfer Protocol Secure

Main difference in dono me data transmission aur inke security ko lekar hai .

Lets discuss on their security . Security ki baat kare toh http me data plain text me bheja jata hai (Secure nhi hai) aur https me data encrypted way me send kiya jata hai means security ke saath send kiya jata hai . Http me data ko koi bhi read krr skta hai (hacker ) aur https me data koi bhi read nhi krr skta hai (hacker )

Encryption :
HTTP : NO Encrypted
HTTPS : SSL/TLS se encrypted hota hai

Authentication :
Http koi bhi authentication ko check nhi krta hai (Example SSL/TLS) and Https SSL/TLS jaise authentication ko check krta hai visit hone se pehle .

Performance :
Http fast hota hai https se kyuki http me koi bhi encryption nhi hota mtlb (security) . Https me checking hoti hai ki website secure hai ki nhi (SSL/TLS)

Browser Trust & SEO :
Http websites me warning ka msg aata hai aur Browser does not trust on Http inbuilt website and iska seo bhi kafi down rehta hai . Https website secure rehti hai aur inka optimization bhi kaafi accha hota hai SEO
ranking bhi kafi badhiya hota hai search mei top prr show hoti hai .

Port Number :
HTTP : port no 80 ka use krta hai
HTTPS : port no 443 ka use krta hai

DIFFERENCES BETWEEN URL/URI/URN

URL (Uniform Resource Locator) :

URL basically Specific address hai jisko hum use krte hai resources ko locate krne ke liye internet pr. Ye provide krta hai location kisi bhi resources ka including the protocol (e.g., HTTP, HTTPS, FTP).
Example : https://www.example.com/index.html
Lets Understand bitwise :

  • www.example.com → Domain name

  • /index.html → Path to the resource

  • https:// → Protocol

URI (Uniform Resource Identifier):

  • A URI is a broader concept that uniquely identifies a resource.

  • It can act as a URL, a URN, or both.

  • A URI can describe either:

    • The location (as in a URL).

    • The name (as in a URN)

URN (Uniform Resource Name)

  • A URN identifies a resource by its name, not by its location.

  • URNs are persistent and location-independent

  • Example : urn:isbn:0451450523

AspectURLURIURN

Definition

A locator (where a resource is).

A general identifier of a resource.

A name (what a resource is).

Purpose

Specifies location of the resource.

Specifies identity of the resource.

Specifies name, independent of location.

Includes

Includes protocol and location details.

Can be a URL, URN, or both.

Does not include location details.

Example

https://www.example.com/page

urn:isbn:0451450523 OR https://www.example.com/page

urn:isbn:0451450523

WHAT ARE HTTP HEADER ?

HTTP HEADER KO SMJHANE SE PEHLE METADATA KO SMJHO

Metadata ka matlab hai "data ke baare me data." Ye data ke baare me details provide karta hai, jaise uska naam, size, kab create hua, aur kis kaam ka hai. Simple me bole toh, metadata wo information hai jo data ko aur achhe se samajhne aur organize karne me madad karti hai.

Website ka Metadata:

  • Title: "Best Recipes for You"

  • Keywords: recipes, cooking, food

  • Description: "Find the best recipes here for all cuisines."

Jab Google pe search karte ho aur website ki chhoti si description dikhai deti hai, wo metadata hoti hai.

Music ka Metadata:

  • Gana ka naam: Kesariya

  • Singer: Arijit Singh

  • Album: Brahmastra

  • Duration: 4:30 minutes

Gana khud ek data hai, aur iske baare ki details uska metadata hai.

Metadata kyon zaroori hai?

  1. Search me madad karta hai:

    • Metadata ke through kisi bhi file ko asani se dhundh sakte ho. Example: Gana ka naam type karte hi mil jata hai.

  2. Data ko organize karne me help karta hai:

    • Jaise folder ke andar sab kuch alag-alag sort karna.

  3. Identify karta hai data ko:

    • Batata hai ki file kis type ki hai aur kaise use karni chahiye.

HTTP HEADER

HTTP headers wo key-value pairs hote hain jo client (jaise web browser) aur server ke beech HTTP request ya response me bheje jate hain. Ye request ya response ke bare me zaroori information provide karte hain, jaise content type, length, encoding, aur aur bhi kaafi kuch. Yaha kuch common HTTP headers ke baare me bataya gaya hai:

1. Request Headers (Client Dwara Bheje Gaye)

Ye headers wo hote hain jo client (browser ya koi aur HTTP client) server ko request bhejte waqt send karta hai.

  • Accept: Client kis media type ko receive karne ke liye ready hai, ye specify karta hai (e.g., Accept: text/html).

  • Accept-Encoding: Client ke dwara supported encoding algorithms ko specify karta hai (e.g., gzip, deflate).

  • User-Agent: Client software ka identifier jo request bhej raha hai (e.g., User-Agent: Mozilla/5.0).

  • Host: Server ka domain name specify karta hai (e.g., Host: www.example.com).

  • Authorization: Client ko authenticate karne ke liye credentials bhejta hai (e.g., Authorization: Bearer <token>).

  • Cookie: Client ke dwara store kiye gaye cookies ko request ke sath bhejta hai (e.g., Cookie: sessionId=abc123).

  • Referer: Wo URL specify karta hai jahan se request aaye (e.g., Referer: https://www.google.com).

2. Response Headers (Server Dwara Bheje Gaye)

Ye headers wo hote hain jo server client ko response bhejte waqt send karta hai.

  • Content-Type: Response ka media type specify karta hai (e.g., Content-Type: text/html).

  • Content-Length: Response body ki length bytes me specify karta hai (e.g., Content-Length: 1234).

  • Set-Cookie: Server client ko cookies bhejta hai (e.g., Set-Cookie: sessionId=abc123).

  • Cache-Control: Caching behavior ko control karta hai (e.g., Cache-Control: no-cache).

  • Location: Redirection responses me URL specify karta hai jahan redirect karna hai (e.g., Location: https://www.example.com).

  • Server: Server software ke baare me information deta hai (e.g., Server: Apache/2.4.1).

  • WWW-Authenticate: Wo authentication method batata hai jo server support karta hai (e.g., WWW-Authenticate: Basic realm="Access to the site").

3. General Headers

Ye headers request aur response dono me apply hote hain aur ye body content se specific nahi hote.

  • Date: Message bheje jane ka date aur time specify karta hai (e.g., Date: Mon, 22 Jan 2025 15:00:00 GMT).

  • Connection: Ye control karta hai ki connection open rahega ya transaction ke baad close ho jayega (e.g., Connection: keep-alive).

  • Transfer-Encoding: Response body ko safely transfer karne ke liye encoding ka form specify karta hai (e.g., Transfer-Encoding: chunked).

4. Entity Headers

Ye headers message body ke baare me information provide karte hain.

  • Content-Encoding: Response body par kiye gaye encoding transformations ko specify karta hai (e.g., Content-Encoding: gzip).

  • Content-Language: Content ka language specify karta hai (e.g., Content-Language: en).

  • Content-Disposition: Ye describe karta hai ki content ko kaise present kiya jana chahiye (e.g., Content-Disposition: attachment; filename="example.pdf").

HTTP Communication me Use:

  • Request Example (Client se Server):

      vbnetCopyGET /index.html HTTP/1.1
  Host: www.example.com
  Accept: text/html
  User-Agent: Mozilla/5.0

  • Response Example (Server se Client):

      cssCopyHTTP/1.1 200 OK
  Content-Type: text/html; charset=UTF-8
  Content-Length: 342
  Set-Cookie: sessionId=xyz123

Ye headers web communication ka control karte hain, jo data ki proper formatting, security, aur efficient transmission ko ensure karte hain client aur server ke beech.

X-prefix 2012 ke phele likhte the ab nhi (X-deprecated ho chuka hai )

Payload Header jo data ko send krte hai

MOST COMMON HEADERS

1. Accept : Application/json (Aur bhi format hota hai )
2. User-Agent (Konsi application se request aayi hai , user ki information milta)
3.Authorization(Frontend ke liye hota hai bheja jata hai)
4.Content-Type(data , such as Image)
5.Cookie
6.cache-Control

CORS :
Access-Control-Allow-Origin
Acess-Control-Allow-Credentials
Acess-Control-Allow-Method

Security:
Cross-Origin-Embedder-Policy
Cross-Origin-Opener-Policy
Content-Security-Policy
X-XSS-Protection

HTTP METHOD

GET Method

  • Purpose: Ye method server se data retrieve (prapt) karne ke liye use hota hai.

  • Use Case: Jab aap kisi website ko open karte hain, toh browser server se data GET karta hai.

  • Example: GET /home

2. POST Method

  • Purpose: Ye method server ko data send (bhejne) ke liye use hota hai, jise server process karta hai.

  • Use Case: Form submit karte waqt, jaise login ya registration ke liye, data POST hota hai.

  • Example: POST /register

3. PUT Method

  • Purpose: Ye method kisi existing resource ko update karne ke liye use hota hai.

  • Use Case: Agar aap kisi resource ko modify karte hain (jaise kisi user ka profile update karna).

  • Example: PUT /user/123

4. DELETE Method

  • Purpose: Ye method kisi resource ko delete (hatane) ke liye use hota hai.

  • Use Case: Jab aap kisi resource ko remove karte hain, jaise kisi user ko delete karna.

  • Example: DELETE /user/123

5. PATCH Method

  • Purpose: Ye method kisi resource ko partially update karne ke liye use hota hai.

  • Use Case: Jab aap ek resource me kuch chhoti updates karte hain, poora resource nahi.

  • Example: PATCH /user/123

6. HEAD Method

  • Purpose: Ye method GET ki tarah hota hai, lekin isme body nahi hoti. Sirf headers ko retrieve karta hai.

  • Use Case: Agar aapko kisi resource ke bare me metadata chahiye ho bina content ke.

  • Example: HEAD /home

7. OPTIONS Method

  • Purpose: Ye method server ko yeh puchne ke liye use hota hai ki kisi resource ke liye kaunse HTTP methods allowed hain.

  • Use Case: Jab aapko kisi resource ke upar allowed methods ke bare me janna ho.

  • Example: OPTIONS /home

8. TRACE Method

  • Purpose: Ye method server ko apne path ka loopback trace karta hai, jo client ko yeh batata hai ki request kaise server tak pahuchti hai.

  • Use Case: Mostly debugging aur diagnostics me use hota hai.

  • Example: TRACE /home

9. CONNECT Method

  • Purpose: Ye method client aur server ke beech ek tunnel establish karta hai, jise secure communication ke liye use kiya jata hai (jaise HTTPS).

  • Use Case: Jab aapko secure communication establish karna ho.

  • Example: CONNECT www.example.com:443

HTTP methods client aur server ke beech communication ko define karte hain. Yeh specify karte hain ki client kaunsa action server par perform karna chahta hai, jaise data retrieve karna, send karna, update karna, ya delete karna.

HTTP STATUS CODE :
1xx INFORMATIONAL
2xx SUCCESS
3xx REDIRECTION
4xx CLIENT SERVER
5xx SERVER ERROR

100 CONTINUE
102 PROCESSING
200 OK
201 CREATED
202 ACCEPTED
307 TEMPORARY REDIRECT
308 PERMANENT REDIRECT
400 BAD REQUEST
401 UNAUTHORIZED
402 PAYMENT REQUIRED
402 NOT FOUND
500 INTERNAL SERVER ERROR
504 GATEWAY TIME OUT

serverhttpSecurity