The difference between HTTP and HTTPS

First, what is HTTP? HTTP is a protocol that transmits data in clear text: the data is unencrypted and security is poor. With HTTPS (SSL + HTTP) the data is encrypted in transit, so security is better.
HTTP is an application-layer protocol. The network model is divided into seven layers: physical layer / data link layer / network layer / transport layer / session layer / presentation layer / application layer, and HTTP belongs to the application layer.
By comparison, an HTTPS page loads about 50% more slowly, simply because an HTTP transfer probably needs only three or four packets, while an HTTPS transfer needs 12 packets. HTTP and HTTPS use completely different connections and different ports: the former uses 80, the latter 443. HTTPS is in fact the HTTP protocol built on top of SSL/TLS, so an HTTPS server consumes more resources than an HTTP server.
HTTPS: HTTPS is a secure network protocol whose security is much higher than that of HTTP, so sites where you enter important information generally use HTTPS. Upgrading from HTTP to HTTPS, however, requires applying to a CA (Certificate Authority) for a certificate; free certificates are generally rare, so a fee is required. Certificate authorities include Symantec, Comodo, GoDaddy, GlobalSign and so on.

The difference between HTTP GET and POST requests
(1) On the client, GET submits data through the URL, so the data can be seen in the URL; with POST, the data is submitted in the HTML header.
(2) Data submitted with GET can be at most 1024 bytes, while POST has no such restriction.
(3) Security. As mentioned in (1), with GET the parameters are displayed in the address bar, while with POST they are not. So if the data is Chinese and non-sensitive, use GET; if the data entered by the user is not Chinese characters and contains sensitive data, it is better to use POST.
(4) Safety and idempotence. "Safe" means that the operation is used to obtain information rather than to modify it. "Idempotent" means that multiple requests to the same URL should return the same result.
How HTTPS works:
We all know that HTTPS encrypts information so that third parties cannot obtain sensitive data, which is why many banking sites, e-mail services and other services with high security requirements adopt the HTTPS protocol.
1. The client initiates an HTTPS request
There is not much to say here: the user enters an https URL in the browser, which then connects to port 443 of the server.
2. The server's configuration
A server that uses the HTTPS protocol must have a digital certificate. You can make one yourself or apply to an organization for one. The difference is that a certificate you issue yourself must be accepted by the client before access can continue, whereas a certificate applied for from a trusted company does not trigger a prompt page (startssl is a good choice, with 1 year of free service).
This certificate is essentially a pair of public and private keys. If you are not familiar with public and private keys, imagine a key and a lock: you are the only person in the world with the key, but you can give the lock to other people, who can use it to lock up something important and send it to you. Because only you have the key, only you can see what has been locked up.
3. Transferring the certificate
The certificate is essentially the public key, but it also carries a lot of other information, such as the issuing authority and the expiration date.
4. The client parses the certificate
This part of the work is done by the client's TLS. It first verifies that the public key is valid, checking for example the issuing authority and the expiration date; if anything is abnormal, a warning box pops up indicating a problem with the certificate.
If the certificate is fine, the client generates a random value and encrypts it with the certificate. As described above, the random value is locked up with the lock, so its content cannot be seen without the key.
5. Transmitting the encrypted information
What is transmitted here is the random value encrypted with the certificate. The purpose is to let the server obtain this random value, so that afterwards the client and the server can encrypt and decrypt their communication with it.
6. The server decrypts the information
After decrypting with its private key, the server obtains the random value sent by the client (this value now serves as the shared secret key) and then symmetrically encrypts the content with it. Symmetric encryption means mixing the information with the secret key through some algorithm, so that the content cannot be obtained without knowing the key. Since the client and the server both know this key, the data is secure enough as long as the encryption algorithm is strong enough and the key is complex enough.
7. Transmitting the encrypted information
What is transmitted here is the information the server has encrypted with the secret key, which the client can restore.
8. The client decrypts the information
The client uses the secret key it generated earlier to decrypt the information sent by the server and obtains the decrypted content. Even if a third party monitors the data during the whole process, there is nothing it can do.
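Step 4 only protects the connection if the client really performs the checks. The following added example (not part of the original article) uses Python's standard ssl module to report client settings that skip certificate validation and to read the issuing authority and remaining validity from a certificate; the sample certificate data is constructed.

```python
import socket
import ssl

def audit_client_context(ctx):
    """List settings that would skip the step-4 certificate checks."""
    problems = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        problems.append("certificate chain is not verified")
    if not ctx.check_hostname:
        problems.append("hostname is not matched against the certificate")
    return problems

def weak_context():
    """Constructed bad example: accepts any certificate without checks."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False      # has to be cleared before CERT_NONE is allowed
    ctx.verify_mode = ssl.CERT_NONE
    return ctx

def summarize_cert(cert, now):
    """Issuing authority and days until expiry, from a getpeercert() dict."""
    issuer = dict(rdn[0] for rdn in cert["issuer"])
    expires = ssl.cert_time_to_seconds(cert["notAfter"])
    return {
        "issuer": issuer.get("organizationName") or issuer.get("commonName"),
        "days_left": int((expires - now) // 86400),
    }

def fetch_cert(host, port=443):
    """Connect with full verification and return the validated certificate."""
    ctx = ssl.create_default_context()   # CERT_REQUIRED plus hostname check
    with socket.create_connection((host, port), timeout=10) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()

# Constructed sample in the shape getpeercert() returns (not a real certificate).
SAMPLE_CERT = {
    "issuer": ((("countryName", "US"),), (("organizationName", "Example CA"),)),
    "notAfter": "Jun  1 12:00:00 2030 GMT",
}
```

With network access, `summarize_cert(fetch_cert(host), time.time())` reports the same fields for a live server; the handshake fails with `ssl.SSLCertVerificationError` if validation does not pass.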

HTTP status codes
A status code has three digits. The first digit defines the category of the response, and there are five categories:
1xx: informational - the request has been received and processing continues
2xx: success - the request has been successfully received, understood and accepted
3xx: redirection - further action must be taken to complete the request
4xx: client error - the request has a syntax error or cannot be fulfilled
5xx: server error - the server failed to fulfill a legitimate request
Common status codes:
200 OK // the client request succeeded
400 Bad Request // the client request has a syntax error and cannot be understood by the server
401 Unauthorized // the request is not authorized; this status code must be used together with the WWW-Authenticate header field
403 Forbidden // the server received the request but refuses to provide service
404 Not Found // the requested resource does not exist, e.g. a wrong URL was entered
500 Internal Server Error // the server encountered an unexpected error
503 Server Unavailable // the server is currently unable to process the client's request and may return to normal after a period of time

Origin blog.csdn.net/weixin_46115826/article/details/104365199