1. What is the HTTP protocol coarse talk
Full HTTP protocol is Hyper Text Transfer Protocol, Hypertext Transfer Protocol, see to know the name of Italy, which is used to control the hypertext transmission protocol. Here to talk about what is a simple HTTP protocol, HTTP protocol and the importance of understanding.
Before saying HTTP protocol, a protocol must understand that TCP / IP protocol suite, the Transmission Control Protocol TCP protocol which is well known. This protocol is used to communicate both the establishment of the communication link, connection-oriented, reliable and effective protection of communication protocols.
For a chestnut: There are two different countries but Multilingual people of the same meet, TCP protocol is to provide a space for two people can meet to talk; and HTTP protocol is to let two people will confirm the use of a language to communicate .
For now TCP protocol, TCP protocol is communicating parties (from both sides here that communication is often the case in terms of client and server) that need to communicate time (usually a client to initiate a request to the server): service requester needs starting a connection request SYN; Bianxiang service request received after requesting party sends an ACK request acknowledgment SYN identifier and a connection request; the request has received the connection acknowledgment request service and party connection, it sends a service again ACK acknowledgment request flag. This is three times the TCP "handshake", is also based on the premise that all TCP services. A major feature of TCP is reliable, maintaining the advantages connected, but also has a long-term occupation of both the system resources to keep the connection, the connection is slow and vulnerable to attack drawback to "shake hands", so service TCP protocol provides generally the connection stability and data are available have requirements, such as the browser's HTTP, FTP file server; of course there are unconnected UDP protocol to make up for the shortcomings of TCP, UDP protocol does not require though three "handshake" has become a quick and safe, but but not as reliable TCP transport mechanism, as long as the packets thrown into the pack after the router is no longer a pipe, so there will be a video or games because of fluctuations in the network and packet loss caused by Caton. TCP protocol suite is one of the cornerstones of modern networks, it comes to the development of the network, knowledge can not avoid them, so have a solid knowledge of computer networks is essential.
Having a basic TCP and UDP, and then for the HTTP protocol. Because HTTP requirements for file integrity, it is doomed to be based on the TCP protocol. However, because the development of science and technology, leading to an order of magnitude larger and larger traffic has given way to the server can not load tens of thousands of links. If every HTTP access will remain on the server a persistent TCP connection, then a strong server performance can not afford it. So HTTP protocol designers will make the stateless HTTP, no access protocol connection, only if the client initiated the request and "handshake" after successfully establishing a TCP connection with the server, the web server to complete transmission after the client, the client will immediately disconnect the connection, the new connection to the next sub spare client connection requests, which means that no connection; therefore the time server and the client is disconnected, not mutually know what each other have done the operation, which is stateless meaning, and later appeared in the need to record client disconnected during this time have done what action needs, Session and Cookie came into being. This is just one of the reasons why the generated HTTP protocol, not just because HTTP is a stateless service to produce, but more is needed HTTP transfer agreement the two sides to communicate the information required to inform each other of the birth, so learn HTTP protocol, you must first be familiar with HTTP request and response messages.
In addition, HTTPS protocol is HTTP content through encryption technology to encrypt and communication technology verified the identity of the parties, though they have a higher level of security, will also bring more traffic and resource overhead and increased latency, if not for high security applications, without the use of HTTPS protocol.
(Net work came to speak too rough feel ashamed, but who did not wish to see such a long word theory, touched a)
2. Use the tools
Usually when using a browser to access the site, the browser is unable to see what the client sends a request message to the server, nor can see all responses returned by the server, the server sends to only see the HTML page. In this case it is necessary to use a tool to obtain and send the received response request.
The following are used Chrome comes with the F12 Developer's Kit, function is also very rich, to see the HTTP request and response is very comprehensive and simple.
FireFox will FireBug functionality integrated into its own small bee F12 Developer's Kit, function is also very rich, favorite or most of the developers, of course, because of the Chinese translation, so I am more friendly.
If you use IE, then it can only use this plugin download HTTPWatch, do not know that I would not use or compatibility problems, IE11 my life and death can not capture properly.
Do not want to use, then you can use Sniffer protocol analysis tool, but this tool Although feature-rich, but to eat more memory; a free packet capture tool WireShark also good to use.
3. General Public Head
(1) Request URL: requested domain name server.
(2) Request Method: transmission method server (POST, GET or the like) requests.
(3) Status Code: request status code. You can view specific FireFox provide the information .
(4) Remote Address: remote address request.
(5) Referrer Policy: a recording mode from the requestor over which connection.
4. Request Headers request header
Request message header is sent by the browser to the server.
Type Content Browser supported file type, tells the client can handle: (1) Accept.
(2) Accept-Encoding: browser supports what type of compression, server page file is packaged in general will be sent to the client, so you can save traffic speed up the transfer, which is to tell the server to pass over these compression clients can extract use.
(3) Accept-Language: The client can declare its understanding of natural language, as well as regional dialects preference.
(4) Connection: after the current transaction is completed, it will close the network connection.
(5) Cookie: Before the server sends back to the server to the client's cookie (a small user trace log files).
(6) Host: server domain name requests.
HTTP / 1.1 All request packet must contain a Host header field. If a HTTP / 1.1 Host request header field is missing or set up more than one Host header field, a 400(Bad Request) status code is returned.
(7) referer: requester source domain, from which page is connected to jump over.
(8) User-Agent: information of the client and browser information.
It includes a feature character string, so that the network protocol for the peer initiates a request to identify user agent software application type, operating system, and the version number of software developers.
(9) Cache-Control: instructions to implement the specified caching mechanism.
Instruction is not case sensitive, and has an optional parameter may be a token or a quoted string syntax. A plurality of instructions separated by commas.
5. Response Headers response header
Header information is the server response to the client request header is returned to the client.
(1) Cache-Control: tell the customer what a safe environment can be cached files end.
(2) Connection: after the current transaction is completed, it will close the network connection.
(3) Content-Encoding: server tells the browser that is what they used compression format. Corresponding to the request header Accept-Encoding.
(4) Content-Type: The server tells the browser files of the current type, with the request Accept header.
(5) Date: server message date and time of creation.
格式:<day-name>,<day> <month> <year> <hour>:<minute>:<second> GMT
(6) Expires: After this time, in response to expiration.
(7) Server: used to process the request as the source of server software information.
You should avoid using too long or too detailed a description as the value Server, as this is likely leaked internal server implementation details, help attackers find or detect known vulnerabilities.
(8) Set-Cookie: cookie by the server sends to the client.
(9) Strict-Transport-Security: The server tells the browser can only access the current resource over HTTPS.
(10) Transfer-Encoding: specifies the coded form is transmitted to a user entity security employed.
(11) Vary: determines the future of a request header, you should use a cache of reply or request a new reply to the source server.
(12) X-Ua-Compatible: Tell rendering browser.