惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

F
Fortinet All Blogs
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
有赞技术团队
有赞技术团队
www.infosecurity-magazine.com
www.infosecurity-magazine.com
大猫的无限游戏
大猫的无限游戏
爱范儿
爱范儿
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
T
Threatpost
V
Visual Studio Blog
Apple Machine Learning Research
Apple Machine Learning Research
博客园 - Franky
人人都是产品经理
人人都是产品经理
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
The Cloudflare Blog
N
News and Events Feed by Topic
L
Lohrmann on Cybersecurity
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
酷 壳 – CoolShell
酷 壳 – CoolShell
V
V2EX
AWS News Blog
AWS News Blog
S
SegmentFault 最新的问题
T
Tailwind CSS Blog
Hugging Face - Blog
Hugging Face - Blog
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
Spread Privacy
Spread Privacy
J
Java Code Geeks
博客园 - 聂微东
T
Tor Project blog
宝玉的分享
宝玉的分享
博客园 - 叶小钗
Webroot Blog
Webroot Blog
博客园 - 【当耐特】
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
H
Heimdal Security Blog
Y
Y Combinator Blog
T
The Blog of Author Tim Ferriss
MongoDB | Blog
MongoDB | Blog
I
InfoQ
Security Latest
Security Latest
Martin Fowler
Martin Fowler
Hacker News: Ask HN
Hacker News: Ask HN
P
Privacy International News Feed
C
CERT Recently Published Vulnerability Notes
Latest news
Latest news
雷峰网
雷峰网
D
Darknet – Hacking Tools, Hacker News & Cyber Security
C
Cisco Blogs
H
Help Net Security
L
LINUX DO - 最新话题
L
LINUX DO - 热门话题

DEV Community

Authentication Security Deep Dive: From Brute Force to Salted Hashing (With Java Examples) Why AI Systems Don’t Fail — They Drift Spilling beans for how i learn for exam😁"Reinforcement Learning Cheat Sheet" I Replaced Chrome with Safari for AI Browser Automation. Here's What Broke (and What Finally Worked) How Python Borrows Other People's Work The $40 Architecture: Processing 1 Billion API Requests with 99.99% Uptime Vibe Coding: A Workflow Guide (From Zero to SaaS) Most webhook security guides protect the wrong side. The scary part is delivery. Headless CMS for TanStack Start: Build a Blog with Cosmic EU Age Verification App "Hacked in 2 Minutes" — What Actually Happened Comfy Cloud’s delete function does not actually remove files Running AI Models on GPU Cloud Servers: A Beginner Guide Event-driven media intelligence with AWS Step Functions and Bedrock I scored 500 AI prompts across 8 quality dimensions — here's what broke How to Call Google Gemini API from Next.js (Free Tier, No Backend Needed) The Portal Protocol: Reclaiming Human Connection in the Age of AI How to Fix Your Team's Scattered Knowledge Problem With a Self-Hosted Forum Intro to tc Cloud Functors: A Graph-First Mental Model for the Modern Cloud Designing Multi-Tenant Backends With Both Ownership and Team Access I Built a Neumorphic CSS Library with 77+ Components — Here's What I Learned PostgreSQL Performance Optimization: Why Connection Pooling Is Critical at Scale Cómo construí un SaaS multi-rubro para gestionar expensas en Argentina con FastAPI + Vue 3 🚀 I Built an Ethical Hacking Scanner Tool – Open Source Project I Replaced /usage and /context in Claude Code With a Single Statusline A Pythonic Way to Handle Emails (IMAP/SMTP) with Auto-Discovery and AI-Ready Design I Collected 8.9 Million Polymarket Price Points — Here's What I Found About How Markets Really Move EcoTrack AI — Carbon Footprint Tracker & Dashboard Everyone's Using AI. No One Agrees How. 5 self-hosted ebook managers worth trying in 2026 Building Your First AI Agent with LangChain: From Chatbot to Autonomous Assistant Common SOC 2 Failures (Real World) Stop Vibe-Checking Your AI App: A Practical Guide to Evals How to Use SonarQube and SonarScanner Locally to Level Up Your Code Quality Your Next To-Do App Is Dead — I Replaced Mine with an OpenClaw AI Sign a Nostr event in 60 lines of Python using coincurve — no nostr-sdk, no nbxplorer, no rust toolchain ITGC Audit Explained Like You’re in Big 4 Patch Tuesday abril 2026: Microsoft parcha 163 vulnerabilidades y un zero-day en SharePoint Stop scraping everything: a better way to track competitor price changes Listing on MCPize + the Official MCP Registry while routing payments OUTSIDE the marketplace — how I kept 100% of my x402 revenue Building an AI-Powered Risk Intelligence System Using Serverless Architecture Why We Ripped Function Overloading Out of Our AI Toolchain Testing AI-Generated Code: How to Actually Know If It Works SaaS Churn Is Killing Your Business. Here Is What to Do About It (Without a Support Team) The Speed of AI Is No Longer Linear - And Self-Improving Models Are Why How to Implement RBAC for MCP Tools: A Practical Guide for Engineering Teams From Standard Quote to Persuasive Proposal: AI Automation for Arborists I built a CLI that scaffolds complete multi-tenant SaaS apps Axios CVE-2025–62718: The Silent SSRF Bug That Could Be Hiding in Your Node.js App Right Now The dashboard that ended our friendship Data Pipelines Explained Simply (and How to Build Them with Python) The Hidden Cost of AI Systems Nobody Talks About. undefined vs undeclared, and how typeof behaves Switching from file-based jobs to NATS/Kafka in Rust without changing code io_uring Adventures: Rust Servers That Love Syscalls Why Agentic AI is Killing the Traditional Database The POUR principles of web accessibility for developers and designers Quantum Neural Network 3D — A Deep Dive into Interactive WebGL Visualization How To Install Caveman In Codex On macOS And Windows Automation Pipeline Reliability: Why Your Workflow Breaks When Nobody Is Watching I Built an 'Open World' AI Coding Agent — It Works From ANY Folder From Freelancing to Product: A Tech Service Company's SaaS Transformation China's AI Giants: Adding Tencent Hunyuan & ByteDance Doubao to AI University (74 Providers) On the Vibe Coders and Their Lies clerk: Auto-Summarize Your Claude Code Sessions AI Weekly — 2026/04/10–04/17 | The Model Lockdown Is Here, but the Toolchain Is the Real Battleground AI 週報 — 2026/04/10–2026/04/17 模型封鎖潮來了,但工具鏈才是真戰場 Maybe this is how Open-Source apps are born... 🚀 Fine-Tune LLMs with LoRA and QLoRA: 2026 Guide tRPC v11 + Next.js App Router: End-to-End Type Safety Without the Boilerplate ShadCN UI in 2026: Why I Stopped Installing Component Libraries and Started Owning My Components SaaS Billing in React Server Components: Stripe + Supabase Without a Single `useEffect` Join our DEV Weekend Challenge — $1,000 in Prizes Across TEN winners! Submissions Due April 20 at 6:59 AM UTC. Implementing FSRS Spaced Repetition in Flutter + Supabase — Adding Memory Science to an AI Learning App "I Texted My Localhost From the Train — Claude Code Fixed the Bug Before I Got Home" I Built a Sales Prep AI and It Went Deeper Than Expected Design to Code #2: One JSON, Eleven Outputs Solving the 100M-Row Problem: A Summary Table Pattern for High-Volume Push Notification Logs Flutter Web With Wasm: What Actually Changes For Developers I Built 50 Royalty-Free Soundtracks for My Side Project in a Weekend Using AI Music Generation The Vibe Coding Security Checklist: 7 Things to Check Before You Ship Stop Letting Googlebot Guess Fix Your React App's SEO Right Desconstruindo o Streaming do LinkedIn: Como Criar um Engine de Extração de Vídeo de Alta Performance com HLS e FFmpeg (EDA Part-1) EDA (Exploratory Data Analysis) Explained With Real Life — Why Looking at Your Data Is the Most Important Step in Machine Learning Brand Relationship Management at Scale: Our 4-Touch Outreach System for 200+ Brands Why String.fromEnvironment() Might Return an Empty String in Dart JGuardrails 1.0.0 — Hardening Java LLM Apps Against Jailbreaks, Toxicity, and Prompt Injection Plan and Schedule a Full Week of Threads Content From One Claude Conversation Coding Cat Oran Ep3, Five Tables Changed Everything Updated: BFF Pattern I'm done watching freelancers get buried by 200 proposals. So I'm building the alternative. This is my first post BFS Algorithm in Java Step by Step Tutorial with Examples Tracking LLM Pricing Monthly: An Open Dataset for 22 AI Models How We Measure Content ROI on a Comparison Site: Revenue Attribution Without Perfect Data Introducing Nova AI Ops: The AI-Native Operating System for SRE Teams I built a free desktop video downloader for Windows — Grabbit How Talkie OCR Helps Vision-Impaired & Dyslexic Users Read the World Around Them VRCFaceTracking安装和iPhone面捕配置教程,有bug Even CrowdStrike Can't See Your Agents The Automation Gold Rush: What n8n Workflows and Claude Are Opening Up for Developers Right Now
What Is HTTP & HTTPS ?
Mohamed Elmorsy · 2026-05-31 · via DEV Community

Every time you open a browser and visit a website, something invisible but essential happens in the background — your browser and the server are having a conversation. The rules that govern that conversation are called HTTP. And when that conversation needs to be private, we add a layer of security on top, giving us HTTPS.

This is the foundation every web developer should understand before writing a single line of backend code.


What Is HTTP?

HTTP stands for HyperText Transfer Protocol. It is an application-layer protocol that defines how messages are formatted and transmitted between a client (like your browser) and a server (the machine hosting a website or API).

Think of HTTP as a language — both the client and server speak it so they can understand each other. Without HTTP, a browser would have no standard way to ask for a webpage, and a server would have no standard way to respond.

Key characteristics:

  • Stateless — each request is independent; the server has no memory of previous requests
  • Text-based — requests and responses are human-readable plain text
  • Request/Response model — the client always initiates; the server always responds

Want a visual walkthrough? Traversy Media's HTTP Crash Course & Exploration is one of the best video explanations out there. Highly recommended before moving on.


How HTTP Works: The Request/Response Cycle

Every HTTP interaction follows a strict two-step pattern.

Step 1 — The Request

The client (your browser or app) sends a request to the server. A raw HTTP request looks like this:

GET /users/123 HTTP/1.1
Host: api.example.com
Content-Type: application/json
Authorization: Bearer <token>

It has three parts:

Part Example Purpose
Request Line GET /users/123 HTTP/1.1 Method + path + protocol version
Headers Content-Type: application/json Metadata about the request
Body { "name": "Anne" } Data sent with the request (POST/PUT only)

Step 2 — The Response

The server receives the request, processes it, and sends back a response:

HTTP/1.1 200 OK
Content-Type: application/json

{
  "id": 123,
  "name": "Anne",
  "email": "anne@example.com"
}

It has three parts too:

Part Example Purpose
Status Line HTTP/1.1 200 OK Protocol version + status code
Headers Content-Type: application/json Metadata about the response
Body { "id": 123, ... } The actual data returned

HTTP Status Codes

Status codes are the server's way of telling the client what happened. They are grouped into five families:

![[Pasted image 20260529223910.png]]

Range Category Common Examples
1xx Informational 100 Continue
2xx Success 200 OK, 201 Created, 204 No Content
3xx Redirection 301 Moved Permanently, 304 Not Modified
4xx Client Error 400 Bad Request, 401 Unauthorized, 404 Not Found
5xx Server Error 500 Internal Server Error, 503 Service Unavailable

Rule of thumb: If it starts with 4, you (the client) did something wrong. If it starts with 5, the server broke.


Making HTTP Requests in Go

Go's net/http package gives you everything you need. Here is a complete example that makes a GET request and reads the response body:

package main

import (
    "fmt"
    "io"
    "net/http"
)

func main() {
    resp, err := http.Get("https://api.example.com/users/123")
    if err != nil {
        panic(err)
    }
    defer resp.Body.Close()

    // Read the response body
    body, err := io.ReadAll(resp.Body)
    if err != nil {
        panic(err)
    }

    fmt.Printf("Status : %s\n", resp.Status)
    fmt.Printf("Body   : %s\n", string(body))
}

You can also inspect headers directly:

fmt.Println(resp.Header.Get("Content-Type"))


What Is HTTPS?

HTTPS is simply HTTP with a security layer on top — specifically TLS (Transport Layer Security), the modern successor to SSL.

Without HTTPS, all data travels as plain text. Anyone sitting between the client and server — on a public Wi-Fi network, for example — can read it. HTTPS solves this by encrypting the data before it travels.

HTTPS gives you three guarantees:

  • Confidentiality — data is encrypted; no one in the middle can read it
  • Integrity — data cannot be tampered with in transit without detection
  • Authentication — you can trust you are actually talking to the right server

How HTTPS Works: The TLS Handshake

Before any encrypted data is sent, the client and server perform a TLS handshake — a brief negotiation to agree on encryption settings and verify identities.

TLS/SSL Handshake Diagram

Here is a simplified view of the steps:

1. CLIENT HELLO  →  "Here are the TLS versions and ciphers I support."

2. SERVER HELLO  ←  "OK, let's use TLS 1.3 and this cipher suite."
                    "Here is my SSL certificate (signed by a trusted CA)."

3. CLIENT        →  Verifies the certificate is valid and trusted.
                    Generates a session key and sends it encrypted.

4. BOTH SIDES       Derive the same symmetric session key.

5. ENCRYPTED        All further communication is encrypted.
   CHANNEL ✓

After the handshake, everything works exactly like regular HTTP — except every message is encrypted. That is all HTTPS is: HTTP + TLS encryption.


HTTP vs HTTPS

Feature HTTP HTTPS
Port 80 443
Encryption ✗ None ✓ TLS/SSL
Data in transit Plain text Encrypted
Certificate required ✓ (from a CA like Let's Encrypt)
URL prefix http:// https://
Browser indicator ⚠ Not Secure 🔒 Secure
SEO ranking Lower Higher (Google preference)
Use case Internal tooling only Everything public-facing

Practical note: There is no valid reason to use plain HTTP for a public-facing service in 2025. Free SSL certificates are available from Let's Encrypt. Tools like Caddy and Nginx handle the setup automatically.


Making HTTPS Requests in Go

Go's http.Get and http.Client use HTTPS by default when you pass an https:// URL — no extra setup needed. The TLS handshake happens automatically under the hood.

package main

import (
    "fmt"
    "io"
    "net/http"
)

func main() {
    // Go handles TLS automatically — just use https://
    resp, err := http.Get("https://api.example.com/users/123")
    if err != nil {
        panic(err)
    }
    defer resp.Body.Close()

    body, err := io.ReadAll(resp.Body)
    if err != nil {
        panic(err)
    }

    fmt.Printf("Status : %s\n", resp.Status)
    fmt.Printf("Body   : %s\n", string(body))
}

If you need to skip TLS verification in a local development environment (never in production), you can configure the transport:

package main

import (
    "crypto/tls"
    "fmt"
    "io"
    "net/http"
)

func main() {
    // ⚠ Only use InsecureSkipVerify in local dev — never in production
    transport := &http.Transport{
        TLSClientConfig: &tls.Config{InsecureSkipVerify: true},
    }
    client := &http.Client{Transport: transport}

    resp, err := client.Get("https://localhost:8443/health")
    if err != nil {
        panic(err)
    }
    defer resp.Body.Close()

    body, _ := io.ReadAll(resp.Body)
    fmt.Printf("Status : %s\n", resp.Status)
    fmt.Printf("Body   : %s\n", string(body))
}


Summary

Concept What It Is
HTTP The protocol defining how clients and servers communicate
Request A client message containing a method, path, headers, and optional body
Response A server reply containing a status code, headers, and optional body
Status Code A 3-digit number telling the client what happened
HTTPS HTTP with TLS encryption layered on top
TLS Handshake A negotiation that sets up the encrypted channel before data flows

Further Reading & Watch


Now you know how the web actually talks. HTTP is the language; HTTPS is the same language, spoken in a locked room. Every API you build, every http.Get you write, every status code you return — all of it runs on top of what you just learned.

But what if there was a way to ditch the rigid rules of REST entirely and let the client decide exactly what data it gets back — not one field more, not one field less? That is the problem GraphQL was built to solve. And it changes how you think about APIs completely. See you in the next one.b