Introduction to HTTP Response Headers for Security

HTTP, the Hypertext Transfer Protocol, is a stateless protocol: it does not record what happened in the past. Its original purpose was to transfer files and view interconnected information. Now that the World Wide Web has evolved into a bigger and more complex system, HTTP is the biggest open marketplace in the history of the world.

Most web applications nowadays are front ends for databases that contain user-specific data. They also use sessions to maintain their state. A session is created when a user enters a username and password. This type of authentication is the true form of HTTP. When it is successful, users can browse the application seamlessly.

You can use response headers to prevent XSS, enforce Strict-Transport-Security, and protect against content sniffing attacks.

Read this tutorial to find out more.
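As an added example (not code from this post or the linked tutorial), the following audits a raw HTTP response for the three protections listed above. The post names only strict-transport-security; `Content-Security-Policy` and `X-Content-Type-Options` are the standard headers assumed here for XSS and content sniffing, and the sample response, the function names and the 180-day `max-age` threshold are constructed assumptions.

```python
import re

# Constructed sample response (not captured from a real site).
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html; charset=utf-8\r\n"
    "Strict-Transport-Security: max-age=300\r\n"
    "X-Content-Type-Options: nosniff\r\n"
    "\r\n<html></html>"
)
MIN_HSTS_AGE = 15552000  # assumed policy threshold: 180 days in seconds


def parse_headers(raw):
    """Return the header block of a raw response as {lowercase-name: value}."""
    head = raw.split("\r\n\r\n", 1)[0]
    headers = {}
    for line in head.split("\r\n")[1:]:  # skip the status line
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers


def audit(raw):
    """Return findings for a response that is assumed to be served over HTTPS."""
    h = parse_headers(raw)
    findings = []
    # XSS: Content-Security-Policy restricts where scripts may come from.
    csp = h.get("content-security-policy")
    if csp is None:
        findings.append("missing Content-Security-Policy")
    elif "'unsafe-inline'" in csp:
        findings.append("Content-Security-Policy allows 'unsafe-inline'")
    # HSTS: max-age is mandatory, and a short value expires quickly.
    hsts = h.get("strict-transport-security")
    m = re.search(r"max-age\s*=\s*\"?(\d+)", hsts or "", re.I)
    if hsts is None:
        findings.append("missing Strict-Transport-Security")
    elif m is None:
        findings.append("Strict-Transport-Security has no max-age")
    elif int(m.group(1)) < MIN_HSTS_AGE:
        findings.append("Strict-Transport-Security max-age below %d" % MIN_HSTS_AGE)
    # Content sniffing: "nosniff" is the only defined value.
    if h.get("x-content-type-options", "").lower() != "nosniff":
        findings.append("X-Content-Type-Options is not 'nosniff'")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_RESPONSE)))
```

The constructed sample yields two findings: no Content-Security-Policy, and an HSTS `max-age` of 300 seconds, which is below the assumed threshold.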
