What Do Web Developers Need To Know About HTTP/HTTPS?

twitter logo github logo ・1 min read

In the Web Developer Roadmap and other sources, it's said that web developers should have some working knowledge of HTTP. I find the scope of this subject hard to parse, and am wondering what folks think webdevs need to know about HTTP, apart from status codes and request methods?

twitter logo DISCUSS (5)
markdown guide
 

If you can answer these, I would say you're ahead of the game.

  • Status codes: what is the most appropriate response you can return for a given situation?
  • HTTP/2: why is the number of resource requests made by a page less important on a server supporting HTTP/2?
  • HTTP caching. I feel like most people don't have a solid grasp of what the different headers mean and don't explore past the point of "Clear your cache if you don't see the CSS updates!"
  • Know your common headers, especially those that pertain to security. Content Security Policy, referrer policies, Strict Transport Security
 

And CORS, whether you're doing front-end or back-end you should learn about CORS or one day you'll spend hours wondering why your query doesn't return anything, and why your browser is making "OPTIONS" request instead of POSTing your damn form.

 

I remember someone saying that good test of HTTP-knowledge is to browse internet using telnet. That may be a bit too cumbersome now. At the time, some websites were hand-written HTML so it was a bit more pleasant to read. On the other hand, interacting with REST-API should be rather trivial. Only potential issue is that HTTPS doesn't work but there is an alternative.

Web developer should be familiar with tools like curl or httpie. That kind of tools are essential time to time when debugging things. I don't think you can use those tools effectively without having some grasp of the underlying protocols (TCP and HTTP).

 

I think the other answers already talked about you should know about HTTP, but about HTTPS it would be good to know how certificates actually works, how to properly issue one and what you have to do to have the padlock beside your site URL.
One important thing is if your site is delivered through HTTPS, everything must be delivered through HTTPS. Sometimes you will not understand the warnings when one little image is being delivered through HTTP instead of HTTPS. And that HTTP is over port 80 and HTTPS over port 443. ;-)

 

These are great answers, thanks for chiming in!

Classic DEV Post from Oct 15 '18

Who's looking for open source contributors? (October 15th edition)

It's half way into #hacktoberfest! Find something to work on or promote your p...

Michael Caveney profile image
I am a largely self-taught dev from the greater Boston area. The technologies I'm most excited to work with these days are React, Gatsby, and Apollo.

Sore eyes?

dev.to now has dark mode.

Go to the "misc" section of your settings and select night theme ❤️