- Designed to work over HTTP ports 80 & 443 to support proxies and intermediaries
- Uses the HTTP Upgrade header to switch protocols
- Allows serving both HTTP and WebSocket on the same port
- Full-duplex, low overhead
- URI Schemes:
- Transmission
- "messages" with small header & payload
- An extension allows multiplexing several streams
- Security
- Important to examine the Origin header on the server side during the connection handshake
- Prefer token over cookie or HTTP authentication to avoid Cross-Site WebSocket Hijacking attacks
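
Added example (not part of the original notes): a server-side check of the upgrade handshake in Python that applies both security points, an exact-match Origin allow-list and a token that the browser does not attach automatically the way it attaches a cookie. The allow-list, the token value and the `token` query parameter are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
from urllib.parse import parse_qs, urlsplit

WS_GUID = "258EAFA5-E914-47DA-95CA-C5AB0DC85B11"  # fixed GUID from RFC 6455
ALLOWED_ORIGINS = {"https://app.example.com"}  # constructed allow-list
VALID_TOKENS = {"t-3f9a1c"}  # constructed; issued by the app after login


def accept_value(key):
    """Sec-WebSocket-Accept for the client's Sec-WebSocket-Key (RFC 6455)."""
    digest = hashlib.sha1((key + WS_GUID).encode("ascii")).digest()
    return base64.b64encode(digest).decode("ascii")


def token_ok(token):
    return any(hmac.compare_digest(token.encode(), t.encode()) for t in VALID_TOKENS)


def check_upgrade(target, headers):
    """Return (status, response_headers) for one WebSocket upgrade request."""
    h = {k.lower(): v.strip() for k, v in headers.items()}
    conn = [p.strip().lower() for p in h.get("connection", "").split(",")]
    if h.get("upgrade", "").lower() != "websocket" or "upgrade" not in conn:
        return 400, {}
    if h.get("sec-websocket-version") != "13" or not h.get("sec-websocket-key"):
        return 400, {}
    # Browsers set Origin themselves; exact match only, missing Origin rejected.
    if h.get("origin") not in ALLOWED_ORIGINS:
        return 403, {}
    # Unlike a cookie, the token is only present if the page's own code sent it.
    token = parse_qs(urlsplit(target).query).get("token", [""])[0]
    if not token_ok(token):
        return 401, {}
    return 101, {"Upgrade": "websocket", "Connection": "Upgrade",
                 "Sec-WebSocket-Accept": accept_value(h["sec-websocket-key"])}


# Constructed handshake headers (the key is the sample nonce from RFC 6455).
GOOD = {"Host": "app.example.com", "Upgrade": "websocket",
        "Connection": "keep-alive, Upgrade", "Sec-WebSocket-Version": "13",
        "Sec-WebSocket-Key": "dGhlIHNhbXBsZSBub25jZQ==",
        "Origin": "https://app.example.com"}
# Same request arriving from another site: cookie present, Origin differs.
CROSS_SITE = {**GOOD, "Origin": "https://other.example", "Cookie": "sid=abc"}

if __name__ == "__main__":
    print(check_upgrade("/chat?token=t-3f9a1c", GOOD)[0])  # 101
    print(check_upgrade("/chat", CROSS_SITE)[0])  # 403
```

A token in the query string can end up in access logs, so keep it short-lived if you deliver it this way.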