HTTP (Hypertext Transfer Protocol) is an application-layer protocol for distributed, collaborative, hypermedia information systems. It is the foundational, stateless protocol used to transfer data (such as HTML documents, images, and videos) on the World Wide Web.
How HTTP Works
HTTP is a request-response protocol:
- Client Request - A browser or app sends a request to a server, specifying a method (GET, POST, etc.) and a resource path.
- Server Response - The server processes the request and returns a response containing a status code, headers, and an optional body.
Requests and responses are structured as messages, making them human-readable and extensible.
HTTP Methods
GET – Retrieve a resource. This method is safe (does not modify the resource) and idempotent (repeating it has the same effect). Typical use: loading a web page or fetching data from an API.
POST – Submit data to a server to create a new resource or trigger processing. Not idempotent. Example: submitting a form or posting a comment.
PUT – Replace a resource entirely with the request payload. Idempotent. Example: updating a file on a server.
PATCH – Apply a partial modification to a resource. Not necessarily idempotent. Example: updating a single field in a database record.
DELETE – Remove a resource. Idempotent. Example: deleting a user account.
HEAD – Same as GET but without the body. Used to fetch metadata (headers) about a resource, such as checking whether it exists or how large it is.
OPTIONS – Ask the server which methods are supported on a resource. Commonly used in CORS preflight requests in web applications.
Headers and Metadata
HTTP messages are more than just the request or response body — they carry headers, which provide metadata about the message or instructions on how to handle it. Headers make HTTP flexible and extensible.
Common Request Headers
Host – Specifies the domain name of the server. Required in HTTP/1.1 to handle virtual hosting.
User-Agent – Identifies the client software (browser, app, or bot). Useful for analytics or server behavior adjustments.
Accept – Indicates the content types the client can process, e.g., text/html or application/json.
Authorization – Carries credentials or tokens for authentication.
Cookie – Sends previously set cookies to the server.
Common Response Headers
Content-Type – The MIME type of the response body, e.g., text/html, application/json.
Content-Length – The size of the response body in bytes.
Set-Cookie – Instructs the client to store a cookie for future requests.
Cache-Control – Defines caching policies (e.g., no-cache, max-age=3600).
Location – Used in redirects to indicate the new URL.
Special Header Categories
Caching Headers – ETag, Last-Modified, Expires. Help clients avoid downloading unchanged resources.
Security Headers – Strict-Transport-Security, Content-Security-Policy, X-Frame-Options. Protect against attacks like XSS and clickjacking.
Custom / Application Headers – Many APIs define headers like X-Request-ID for tracing requests or X-Rate-Limit for throttling.
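The following is an added example, not code from the original article: it parses a raw HTTP/1.1 response into status code, headers, and body, then checks the three security headers named above. The sample response is constructed, and the one-year HSTS threshold and the function names are assumptions chosen for this example.

```python
import re

MIN_HSTS_MAX_AGE = 31536000  # one year; policy threshold assumed for this example

# Constructed sample response (not captured traffic).
SAMPLE_RESPONSE = (
    b"HTTP/1.1 200 OK\r\n"
    b"Content-Type: text/html; charset=utf-8\r\n"
    b"Content-Length: 13\r\n"
    b"strict-transport-security: max-age=300\r\n"
    b"X-Frame-Options: ALLOWALL\r\n"
    b"\r\n"
    b"<p>hello</p>\n"
)

def parse_response(raw: bytes):
    """Split a raw HTTP/1.1 response into (status_code, headers, body)."""
    head, _, body = raw.partition(b"\r\n\r\n")  # blank line ends the headers
    lines = head.decode("iso-8859-1").split("\r\n")
    status_code = int(lines[0].split(" ", 2)[1])  # "HTTP/1.1 200 OK" -> 200
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if not sep:
            continue  # skip malformed header lines
        key = name.strip().lower()  # header names are case-insensitive
        value = value.strip()
        headers[key] = f"{headers[key]}, {value}" if key in headers else value
    return status_code, headers, body

def audit_security_headers(headers: dict):
    """Return (header, problem) findings for the three security headers."""
    findings = []
    hsts = headers.get("strict-transport-security")
    if hsts is None:
        findings.append(("strict-transport-security", "missing"))
    else:
        m = re.search(r"max-age\s*=\s*\"?(\d+)", hsts, re.I)
        if not m or int(m.group(1)) < MIN_HSTS_MAX_AGE:
            findings.append(("strict-transport-security", "max-age too short"))
    if "content-security-policy" not in headers:
        findings.append(("content-security-policy", "missing"))
    xfo = headers.get("x-frame-options", "").strip().upper()
    if xfo not in ("DENY", "SAMEORIGIN"):
        findings.append(("x-frame-options", "missing or not DENY/SAMEORIGIN"))
    return findings

if __name__ == "__main__":
    status, hdrs, _ = parse_response(SAMPLE_RESPONSE)
    for header, problem in audit_security_headers(hdrs):
        print(f"{status} {header}: {problem}")
```

Because the parser lower-cases header names, the lowercase `strict-transport-security` line in the sample is matched the same way as a canonically cased one.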
Why Headers Matter
Headers are what allow HTTP to be protocol-agnostic and extensible. Without headers:
The client and server wouldn’t know content type, length, or caching policies.
Authentication and session management would be impossible.
Advanced features like partial content delivery, compression, and CORS would not work.
In short, headers transform HTTP from a simple message-passing protocol into a fully-featured web communication framework.
HTTP Versions
HTTP has evolved over time:
HTTP/1.1 – Persistent connections, chunked transfers.
HTTP/2 – Multiplexed streams, binary framing.
HTTP/3 – Runs over QUIC for faster, more reliable connections.
Despite differences, all versions follow the same basic request-response model.
Summary
HTTP is the language that makes the web possible. It defines how a client asks for something and how a server responds. Every time you open a website, load an image, submit a form, or use an API, HTTP is working underneath. Through its methods, it defines what action you want to perform. Through its headers, it carries instructions and metadata about how that data should be handled. Through its evolving versions, it improves speed, efficiency, and security — without changing its fundamental model. At its core, HTTP is simple: request and response.
But from that simplicity, the entire modern web is built.
Now you know what happens behind those backend systems. I'm going to be releasing articles for other network protocols. It's going to be a series, one per week. Next week we'll look at TCP. Follow me on LinkedIn and GitHub.
Until next time, peace, focus.