Definition

WebSocket

Robert Sheldon

By

Robert Sheldon

What is WebSocket?

WebSocket is a communications protocol that enables two endpoints -- typically a client and a server -- to establish a persistent, bidirectional, full duplex TCP connection between them. The protocol's goal is to provide a method for browser-based applications to carry out two-way communications without needing to open multiple HTTP connections. For this reason, a WebSocket connection is typically between a web browser and a web server, although it can be between any two endpoints that support the protocol.

A diagram showing how servers respond to client requests. — In client-server computing, servers respond to client requests.

The WebSocket protocol addresses many HTTP protocol limitations. With HTTP, if an application such as an instant messaging app requires bidirectional communication, the client must make multiple HTTP calls, and the server must maintain multiple TCP connections. This approach results in greater overhead, latency and bandwidth usage.

The WebSocket protocol provides an alternative to the continuous polling HTTP requires for two-way communications. With WebSocket, the client and server need to maintain only a single connection that supports bidirectional communications.

WebSocket first appeared in the Hypertext Markup Language 5 specification, where it was referred to as TCPConnection -- a placeholder for a TCP-based socket application programming interface (API).

Ian Hickson and Michael Carter initially conceived the WebSocket protocol in 2008. The Internet Engineering Task Force standardized it in RFC 6455 in 2011.

All major web browsers support the WebSocket protocol. Browsers typically use the WebSocket API to establish WebSocket connections with host servers. The API provides an interface that web applications can use to initiate and manage their WebSocket connections.

The WebSocket protocol supports a wide range of applications that require bidirectional communications, such as live chats, instant messaging, online games and real-time collaboration tools.

Establishing a WebSocket connection

Commonly used in the context of the existing HTTP infrastructure, the WebSocket protocol supports HTTP proxies and intermediaries. It works over HTTP ports 80 and 443. However, WebSocket is not limited to HTTP. Although today's implementations are deployed in the context of the HTTP framework, the protocol could potentially be used in other ways to help simplify bidirectional communications.

A WebSocket connection typically begins when a browser sends a TCP handshake to the server. The handshake is an HTTP/1.1 GET request that contains multiple HTTP header fields, including those specific to establishing a WebSocket connection, such as the following:

Connection. List of connection options. For a WebSocket connection, the field must specify the value Upgrade.
Upgrade. Indicates that the connection should be upgraded to a specific protocol. For a WebSocket connection, the field must specify the value WebSocket.
Sec-WebSocket-Key. A Base64-encoded random string value that the server uses to prove it received a valid WebSocket handshake.
Sec-WebSocket-Version. The protocol version, which currently must be 13.

After receiving the opening handshake, the server returns a responding handshake that completes switching to the WebSocket protocol. That handshake includes the Sec-WebSocket-Accept header field, which indicates whether the server is willing to accept the connection. The field's value is a Base64-encoded hash of the Sec-WebSocket-Key value specified in the opening handshake. The value confirms that the server has accepted the connection.

After the handshakes complete successfully, the client and server can exchange data, which is transmitted as WebSocket messages. Each message is made up of one or more frames that contain the same type of data. At their highest level, message frames fall into one of three categories:

Textual data frames. Frames containing textual data interpreted according to the UTF-8 encoding standard.
Binary data frames. Frames containing binary data whose interpretation is left up to the application.
Control frames. Frames used for protocol-level signaling, such as to ping the other endpoint or specify that the connection should be closed.

When the WebSocket protocol is used for communications, the web server is aware of all WebSocket connections and can communicate with each individually. Communication can be initiated at either endpoint, which facilitates event-driven web programming. In standard HTTP, only clients can request new data.

While the connection remains open, the server and client can send messages to each other anytime until one of them closes the session. To close the connection, either endpoint sends a closing handshake in a message control frame.

Learn the strengths and weaknesses of each major browser: Chrome vs. Firefox vs. Safari vs. Edge.

This was last updated in July 2024

Continue Reading About WebSocket

AWS WebSocket support ushers in real-time serverless features

Forrester: How to expand your API strategy

Web 2.0 vs. Web 3.0 vs. Web 1.0: What's the difference?

The problem with 'secure' messaging

Comparing web browser privacy and security features

Search Networking

What is 1000BASE-T (Gigabit Ethernet)?
1000BASE-T is a Gigabit Ethernet standard that operates at a speed of 1 gigabit per second (Gbps) over copper wiring.
What is DHCP (Dynamic Host Configuration Protocol)?
DHCP (Dynamic Host Configuration Protocol) is a network management protocol used to dynamically assign an Internet Protocol (IP) ...
What is Routing Information Protocol (RIP)?
Routing Information Protocol (RIP) is a distance vector protocol that uses hop count as its primary metric.

Search Security

What is a security operations center (SOC)?
A security operations center (SOC) is a command center facility in which a team of information technology (IT) professionals with...
What is a risk profile? Definition, examples and types
A risk profile is a quantitative analysis of the types of threats an organization, asset, project or individual faces.
What is risk reporting?
Risk reporting is a method of identifying risks tied to or potentially impacting an organization's business processes.

Search CIO

What is the Sarbanes-Oxley Act? Definition and summary
The Sarbanes-Oxley Act of 2002 (SOX) is a federal law that established sweeping auditing and financial regulations for public ...
What is a change agent (agent of change)?
A change agent, or agent of change, is someone who promotes change and enables it to happen within any group or organization.
What is a quantum processing unit (QPU)?
A quantum processing unit (QPU) is a hardware device that uses quantum mechanics -- such as superposition and entanglement-- to ...

Search HRSoftware

What is team collaboration?
Team collaboration is a communication and project management approach that emphasizes teamwork, innovative thinking and equal ...
What is talent management? Definition, basics and strategy
Talent management is a strategic approach organizations use to attract, develop, retain, and optimize employees.
What is employee experience?
Employee experience is a worker's perception of the organization they work for during their tenure.

Search Customer Experience

What are customer service and support?
Customer service is the support organizations offer to customers before, during and after purchasing a product or service.
What is quality of experience (QoE or QoX)?
Quality of experience (QoE or QoX) is a measure of the overall level of a customer's satisfaction and experience with a product ...
What is voice of the customer? A guide to VOC Strategy
Voice of the customer (VOC) is the component of customer experience (CX) that focuses on customer needs, wants, expectations and ...

Close