The Hypertext Transfer Protocol (HTTP) is a protocol at the application layer of the Internet Protocol (IP) Suite. The protocol is used for distributed, collaborative, and hypermedia information systems which put it at the core of data communication across the World Wide Web (WWW). This means that when a user goes to a (distributed or collaborative information systems) website or loads any form of interactive media (hypermedia information systems), it is this protocol which transfers the information back and forth. Hypertext is structured text which has the feature of logical links (hyperlinks) between endpoints. This means that HTTP is literally the protocol to handle the transfer of hypertext.
HTTP functions basically in two parts as a request-response protocol between users browsing the WWW and web servers. When a user browses the web by entering a web address (URL) into the browser (let's say, iplocation.net), your web browser sends an HTTP-request message to the web server which hosts the website. This message consists of a request-line; which consists of the request for the specific resource the web browser is trying to view, the request-header; which consists of a series of miscellaneous tags which denotes operating parameters such as a list of acceptable languages in the HTTP-response message, an empty line, and an optional message body. In this case, the user's web browser (ergo; the user) is considered the client while the website's web server is considered the server. As the server contains all the content, hosting, and formatting resources of the website, it will return an HTTP-response message to the client. This response is typically what contains the completion status of the HTTP-request from the web browser along with the website's content to be displayed on the web browser. This process described is a part of what is called the client-server computing model which is the basis for data communication on the WWW and all works through the underlying Transmission Control Protocol (TCP) on the transport layer.
Sessions and Authentication
The nature of HTTP actually allows for it to cover more than simply client-server communication. As a matter of fact, it is because of this core feature that the protocol can be used in various other methods, particularly for web developers and network administrators. HTTP Sessions and HTTP Authentication are two example of these which are based on precisely that. An HTTP Session is simply a series of request-response network transactions between a client and server. It is through this session that allows web browsers to display a website's content but this is what makes the session particularly powerful for web developers. As the session will hold a lot of information for the website, web developers can manipulate this information through the use of HTTP Request Methods depending on the content being pulled. For instance, the POST method is used to accept an entity in the HTTP-request as part of the web resource and is typically used messages on forums, comment threads on websites and so on. On the other hand, HTTP Authentication provides a variety of frameworks on how to validate access control and the request-response transaction in a session. This process is done via a challenge-response authentication scheme where the server issues a challenge to the client or the client presenting authentication information to the server.
Technology waits for no one and HTTP is no different. Over the years since its inception, there has in fact been movements for improvements with HTTP for the sake of more development, usability, and security. For example, HTTP/2.0 was developed and actualized in 2015 off of the framework Google's SPDY protocol. This major revision saw improvements in greater speed for websites which use HTTP/2.0 while still allowing older websites without support to still be usable. This upgrade in speed was accomplished by a variety of different features such as having header data be compressed, the pipelining of HTTP-requests, and allowing multiple HTTP-requests over one TCP connection.
Another innovation which was realized on the back of HTTP is Hypertext Transfer Protocol Secure (HTTPS) which offers a secure network for data communication. The protocol is very commonplace on the Internet in the modern world after being initially used mainly for online payment transactions. Today, it is achieved by being encrypted by Transport Layer Security (TLS) but prior to this, the protocol was actually accomplished by the Secure Sockets Layer (SSL) and because of this, the protocol might also be referred to as HTTP over TLS or HTTP over SSL. The demand for this secure iteration of the protocol came for the need of protection of data to ensure its privacy and integrity. As such, the protocol's encryption on both the HTTP-request and HTTP-response prevents eavesdropping and tampering of the data between the client and server; ergo, it prevents man-in-the-middle attacks.
As technology grows, there is no doubt that newer technology and iterations will be made to improve HTTP further or maybe even, replace it completely. As a matter of fact, as of 2015, a newer protocol which serves the same purpose as HTTP has been realized called InterPlanetary File System (IPFS) which performs HTTP's job even faster and more reliably in a different way despite not being an industry standard nor a core part of the IP Suite. Granted, it may still only be a manner of time before that happens.