Describe the purpose and operation of HTTP and HTTPS

IGCSE Computer Science – The Internet: HTTP and HTTPS

Learning Objective

Students will be able to describe the purpose and operation of HTTP and HTTPS, explain the structure of a URL, and outline the role of a web browser in the client‑server model. The notes also cover the packet format used by HTTP and the basic concepts of encryption required by the Cambridge IGCSE 0478 syllabus.

1. URL Structure

A Uniform Resource Locator (URL) tells a web browser where a resource lives on the Internet.

| Component | Example |
|---|---|
| Protocol | https:// |
| Domain name | www.example.com |
| Port (optional) | :443 |
| Path | /products/item.html |
| Query string (optional) | ?id=25&ref=home |
| Fragment (optional) | #details |

Full example:

https://www.example.com:443/products/item.html?id=25#details

2. What the Web Browser Does (Client‑Side)

  • Accepts a URL typed or clicked by the user.
  • Uses DNS to translate the domain name into an IP address.
  • Opens a TCP connection to the server (port 80 for HTTP, port 443 for HTTPS).
  • Creates and sends an HTTP request (or an HTTPS request inside a TLS tunnel).
  • Receives the HTTP response, interprets the status code and headers.
  • Renders HTML, CSS, JavaScript and any embedded media.

3. HTTP – HyperText Transfer Protocol

3.1 Purpose

HTTP is the fundamental protocol that browsers and web servers use to exchange web resources (pages, images, scripts, etc.). It is a plain‑text, request‑response protocol that runs over TCP.

3.2 Key Characteristics

  • Unencrypted – data is sent as clear text.
  • Default TCP port 80.
  • Stateless – each request is independent of previous ones.

3.3 Common HTTP Methods

| Method | Typical Use |
|---|---|
| GET | Retrieve a resource (e.g., a web page or image) |
| POST | Submit data to a server (e.g., form submission) |
| PUT | Upload or replace a resource on the server |
| DELETE | Remove a resource from the server |
| HEAD | Request only the response headers, not the body |

3.4 HTTP Request–Response Cycle

  1. TCP connection is opened to the server on port 80.
  2. The client sends an HTTP request consisting of:
    • Request line – method, URL path, HTTP version
    • Headers – e.g., Host, User‑Agent, Accept
    • Optional message body (used with POST, PUT, etc.)
  3. The server processes the request and returns an HTTP response containing:
    • Status line – HTTP version, status code, reason phrase
    • Headers – e.g., Content‑Type, Content‑Length
    • Optional message body (the requested resource)
  4. The TCP connection is either closed or kept alive for further requests.

Example HTTP Request

GET /index.html HTTP/1.1
Host: www.example.com
User-Agent: Mozilla/5.0
Accept: text/html

Example HTTP Response

HTTP/1.1 200 OK
Date: Sun, 16 Nov 2025 12:00:00 GMT
Content-Type: text/html
Content-Length: 1024

<!DOCTYPE html>
<html> … </html>
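
The steps from sections 1, 2 and 3.4 as an added example (not part of the original notes): it turns a URL into the request a browser would send, then splits a raw response into status line, headers and body. The sample response bytes and the function names are constructed for illustration.

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}

def build_request(url, method="GET"):
    """Return (host, port, request_bytes) as a browser derives them from a URL."""
    parts = urlsplit(url)
    if parts.scheme not in DEFAULT_PORTS:
        raise ValueError("unsupported scheme: " + parts.scheme)
    port = parts.port or DEFAULT_PORTS[parts.scheme]
    # Path and query go in the request line; the fragment stays in the browser.
    target = (parts.path or "/") + ("?" + parts.query if parts.query else "")
    host = parts.hostname
    host_header = host if port == DEFAULT_PORTS[parts.scheme] else f"{host}:{port}"
    lines = [f"{method} {target} HTTP/1.1", f"Host: {host_header}",
             "Accept: text/html", "Connection: close", "", ""]
    return host, port, "\r\n".join(lines).encode("ascii")

def parse_response(raw):
    """Split a raw HTTP/1.1 response into (status_code, reason, headers, body)."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("incomplete response: no blank line after the headers")
    status_line, *header_lines = head.decode("iso-8859-1").split("\r\n")
    version, code, reason = (status_line.split(" ", 2) + ["", ""])[:3]
    if not version.startswith("HTTP/") or not code.isdigit():
        raise ValueError("malformed status line")
    headers = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    # Content-Length states how many body bytes belong to this response.
    length = int(headers.get("content-length", len(body)))
    if len(body) < length:
        raise ValueError("truncated body")
    return int(code), reason, headers, body[:length]

# Constructed sample response (not captured from a real server).
SAMPLE = (b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n"
          b"Content-Length: 13\r\n\r\n<html></html>")

if __name__ == "__main__":
    url = "https://www.example.com:443/products/item.html?id=25#details"
    print(build_request(url))
    print(parse_response(SAMPLE))
```

Everything `build_request` returns is readable text, which is exactly what travels in the clear when the scheme is http.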

3.5 HTTP Packet Format (Cambridge Syllabus Requirement)

When an HTTP message travels across the network it is carried inside a TCP segment, which in turn is encapsulated in an IP packet. The simplified packet layout is:

+-------------------+-------------------+-------------------+
| IP Header         | TCP Header        | HTTP Message      |
| (src/dst IP, …)   | (src/dst ports,   | (request or       |
|                   | sequence numbers) | response)         |
+-------------------+-------------------+-------------------+

  • Header – contains routing information (IP) and reliability data (TCP).
  • Payload – the actual HTTP request or response.
  • Because HTTP itself is not encrypted, anyone who can capture the packet can read the payload.

4. HTTPS – HTTP Secure

4.1 Purpose

HTTPS combines HTTP with Transport Layer Security (TLS), the successor to SSL, to provide:

  • Confidentiality – data is encrypted, preventing eavesdropping.
  • Integrity – a Message Authentication Code (MAC) detects any alteration.
  • Authentication – the server proves its identity with a digital certificate; optional client certificates can also be used.

4.2 Typical Port

HTTPS uses TCP port 443.

4.3 TLS Handshake (Simplified)

| Step | Action |
|---|---|
| 1 | Client → Server: ClientHello (TLS versions, cipher suites, random data) |
| 2 | Server → Client: ServerHello (chosen TLS version & cipher suite) + server’s digital certificate + server random |
| 3 | Client validates the certificate (CA signature, expiry, domain match) |
| 4 | Client → Server: encrypted Pre‑Master Secret (encrypted with the server’s public key) |
| 5 | Both sides derive identical session keys from the pre‑master secret and the two random values |
| 6 | Secure channel is established; the client now sends a normal HTTP request, which TLS encrypts before transmission |

4.4 Symmetric vs. Asymmetric Encryption (Syllabus Alignment)

| Type | Key(s) Used | Typical Algorithm | Use in HTTPS |
|---|---|---|---|
| Asymmetric (public‑key) | Public key & private key pair | RSA, ECC | Exchange of the pre‑master secret and verification of the server certificate |
| Symmetric | Single shared secret key | AES, ChaCha20 | Actual encryption of HTTP data after the handshake |

4.5 HTTPS Data Transfer

After the TLS handshake:

  1. The client encrypts the full HTTP request (request line, headers, body) with the session key and sends it.
  2. The server decrypts, processes the request, creates the HTTP response, encrypts it with the same session key, and sends it back.
  3. Both sides verify integrity using the MAC included in each TLS record.
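
An added example (not part of the original notes) of handshake step 5 in section 4.3 and integrity step 3 above: it follows the TLS 1.2 key derivation and record MAC from RFC 5246, the version that matches the encrypted pre‑master secret exchange in the handshake table. The secret and random values are constructed, the key sizes assume AES‑128 with HMAC‑SHA256, and the encryption step itself is left out.

```python
import hashlib
import hmac
import struct

def prf(secret, label, seed, length):
    """TLS 1.2 PRF (RFC 5246, section 5) using HMAC-SHA256."""
    seed = label + seed
    out, a = b"", seed  # A(0) = seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()  # A(i) = HMAC(secret, A(i-1))
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()
    return out[:length]

def derive_session_keys(pre_master, client_random, server_random):
    """Handshake step 5: each side runs this on the same three inputs."""
    master = prf(pre_master, b"master secret", client_random + server_random, 48)
    # Sizes assume AES-128 with HMAC-SHA256: two 32-byte MAC keys, two 16-byte cipher keys.
    block = prf(master, b"key expansion", server_random + client_random, 96)
    return {"client_mac": block[:32], "server_mac": block[32:64],
            "client_key": block[64:80], "server_key": block[80:96]}

def record_mac(mac_key, seq_num, fragment, content_type=23, version=(3, 3)):
    """MAC covers the sequence number and record header as well as the data."""
    header = struct.pack("!QBBBH", seq_num, content_type, *version, len(fragment))
    return hmac.new(mac_key, header + fragment, hashlib.sha256).digest()

def verify_record(mac_key, seq_num, fragment, tag):
    return hmac.compare_digest(record_mac(mac_key, seq_num, fragment), tag)

# Constructed sample values, fixed so the run is repeatable; real ones are random.
PRE_MASTER = bytes([3, 3]) + bytes(range(46))
CLIENT_RANDOM = bytes(32)
SERVER_RANDOM = bytes([0xAB]) * 32

def demo():
    client = derive_session_keys(PRE_MASTER, CLIENT_RANDOM, SERVER_RANDOM)
    server = derive_session_keys(PRE_MASTER, CLIENT_RANDOM, SERVER_RANDOM)
    request = b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n\r\n"
    tag = record_mac(client["client_mac"], 0, request)  # client sends record 0
    altered = request.replace(b"index", b"other")
    return {
        "keys_match": client == server,
        "genuine_ok": verify_record(server["client_mac"], 0, request, tag),
        "altered_ok": verify_record(server["client_mac"], 0, altered, tag),
        "replayed_ok": verify_record(server["client_mac"], 1, request, tag),
    }

if __name__ == "__main__":
    print(demo())
```

Because the sequence number is part of the MAC input, a record that is unchanged but delivered out of order fails the check just as an edited one does.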

5. Comparison of HTTP and HTTPS

| Feature | HTTP | HTTPS |
|---|---|---|
| Port | 80 | 443 |
| Encryption | None – clear text | TLS/SSL (AES, ChaCha20, etc.) |
| Data Integrity | Vulnerable to tampering | Protected by MAC (HMAC‑SHA256, etc.) |
| Authentication | No built‑in mechanism | Server certificate (and optional client certificate) |
| Typical Use Cases | Public information where security is not critical | Login pages, e‑commerce, banking, any transmission of personal or sensitive data |

6. Key Points to Remember (Exam Checklist)

  • HTTP = plain‑text request/response over TCP (port 80).
  • HTTPS = HTTP + TLS; TLS creates a secure channel before any HTTP data is sent (port 443).
  • TLS handshake uses asymmetric encryption to share a symmetric session key.
  • Digital certificates issued by trusted Certificate Authorities authenticate the server.
  • Web browsers resolve URLs, open TCP connections, send HTTP/HTTPS requests, and render the returned content.
  • Know the five HTTP methods most likely to appear in exams: GET, POST, PUT, DELETE, HEAD.
  • Remember the basic packet layout: IP header → TCP header → HTTP message (payload).

7. Quick‑Reference Checklist for Aligning Lecture Notes with the Cambridge IGCSE 0478 Syllabus (2026‑2028)

| Syllabus Unit | Must‑Cover Sub‑topics | Notes Status |
|---|---|---|
| Data Transmission | Packet structure (header, payload, trailer); Packet‑switching process; Serial/parallel and duplex modes; Error‑detection basics (parity, checksum); Symmetric & asymmetric encryption (AES vs. RSA) – used in HTTPS | ✔ Added packet diagram, encryption table, and TLS handshake description. |
| Internet & Its Uses | URL components; Role of DNS; HTTP/HTTPS operation; Common HTTP methods; Port numbers 80 & 443 | ✔ Fully covered and illustrated with examples. |

Use the checklist before each lesson to confirm that all required sub‑topics are present and that examples or diagrams are included where the syllabus expects them.
