What is HTTP and how does it work?

HTTP (Hypertext Transfer Protocol) is the standard application-layer protocol that lets web browsers and servers talk to each other. It defines how a client (like Chrome or Firefox) requests resources and how a server responds with web pages, images, data, or APIs. It is simple, extensible, and forms the backbone of the World Wide Web.

Key Characteristics of HTTP

  • Application layer: Runs on top of TCP/IP or QUIC (for HTTP/3).
  • Client–server model: Clients send requests; servers return responses.
  • Stateless: Each request is independent; the server does not remember previous requests by default.
  • Text-based messages: Request and response lines, headers, and optional body.
  • Media-agnostic: Can transfer HTML, JSON, images, video, etc.
  • Extensible: Custom headers and methods can be added.

How HTTP Works (Step-by-Step)

  1. URL entry: You enter a URL (e.g., https://example.com/page).
  2. DNS lookup: The domain name is resolved to a server IP address.
  3. Connection setup:
    • HTTP/1.1 and HTTP/2 use TCP (3-way handshake).
    • HTTP/3 uses QUIC over UDP (faster connection setup).
  4. TLS (for HTTPS): A TLS handshake authenticates the server and sets up an encrypted channel before any HTTP data is sent.
  5. Request sent: Browser sends an HTTP request (method, path, headers, optional body).
  6. Server processing: Server routes the request, runs logic, fetches data, and prepares a response.
  7. Response returned: Server sends status code, headers, and body.
  8. Rendering & caching: Browser renders content, downloads linked resources, and may cache responses.
  9. Connection reuse: Keep-Alive or multiplexing allows multiple requests on the same connection.

HTTP Message Structure

  • Request: Request line (method, path, version) + headers + optional body.
  • Response: Status line (version, status code) + headers + optional body.

Example request:

    GET /products?category=laptops HTTP/1.1
    Host: example.com
    Accept: text/html,application/xhtml+xml
    User-Agent: Mozilla/5.0
    Connection: keep-alive

Example response:

    HTTP/1.1 200 OK
    Content-Type: text/html; charset=UTF-8
    Cache-Control: max-age=3600
    Content-Length: 1234

    ... page content ...
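
The layout above as a strict Python parser, added here as an illustration and not part of the original page. It rejects ambiguous input (malformed header lines, duplicate or mismatched Content-Length) instead of guessing. The names `parse_message` and `MalformedMessage` are chosen for this example, and the sample response body is constructed.

```python
class MalformedMessage(ValueError):
    """Raised when a message breaks the start-line / headers / body layout."""

def parse_message(raw: bytes) -> dict:
    # The header section ends at the first empty line (CRLF CRLF).
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise MalformedMessage("missing blank line after headers")
    lines = head.decode("iso-8859-1").split("\r\n")
    parts = lines[0].split(" ", 2)
    if len(parts) < 2:
        raise MalformedMessage("bad start line")
    if parts[0].startswith("HTTP/"):  # status line: version, code, reason
        if not (parts[1].isascii() and parts[1].isdigit() and len(parts[1]) == 3):
            raise MalformedMessage("bad status code")
        msg = {"kind": "response", "version": parts[0], "status": int(parts[1]),
               "reason": parts[2] if len(parts) == 3 else ""}
    else:  # request line: method, target, version
        if len(parts) != 3 or not parts[2].startswith("HTTP/"):
            raise MalformedMessage("bad request line")
        msg = {"kind": "request", "method": parts[0], "target": parts[1],
               "version": parts[2]}
    headers = {}
    for line in lines[1:]:
        name, colon, value = line.partition(":")
        # No colon, an empty name, or whitespace in the name is rejected outright.
        if not colon or not name or any(c in name for c in " \t"):
            raise MalformedMessage(f"bad header line: {line!r}")
        key = name.lower()  # header names are case-insensitive
        if key == "content-length" and key in headers:
            raise MalformedMessage("duplicate Content-Length")
        headers[key] = f"{headers[key]}, {value.strip()}" if key in headers else value.strip()
    length = headers.get("content-length")
    if length is not None:
        if not (length.isascii() and length.isdigit()):
            raise MalformedMessage("non-numeric Content-Length")
        if int(length) != len(body):
            raise MalformedMessage("Content-Length does not match body size")
    msg["headers"], msg["body"] = headers, body
    return msg

# The page's sample request, plus a constructed response whose body matches its length.
SAMPLE_REQUEST = (b"GET /products?category=laptops HTTP/1.1\r\nHost: example.com\r\n"
                  b"Accept: text/html,application/xhtml+xml\r\nUser-Agent: Mozilla/5.0\r\n"
                  b"Connection: keep-alive\r\n\r\n")
SAMPLE_RESPONSE = (b"HTTP/1.1 200 OK\r\nContent-Type: text/html; charset=UTF-8\r\n"
                   b"Cache-Control: max-age=3600\r\nContent-Length: 14\r\n\r\n<p>laptops</p>")
```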

Common HTTP Methods

  • GET: Retrieve data (no body, safe and idempotent).
  • POST: Submit data to create or process a resource.
  • PUT: Replace a resource completely (idempotent).
  • PATCH: Partially update a resource.
  • DELETE: Remove a resource (idempotent).
  • HEAD: Like GET but headers only (no body).
  • OPTIONS: Describe communication options (CORS preflight).

Status Code Categories

  • 1xx Informational: Processing started (e.g., 100 Continue).
  • 2xx Success: Request succeeded (e.g., 200 OK, 201 Created).
  • 3xx Redirection: Further action needed (e.g., 301 Moved Permanently, 302 Found, 304 Not Modified).
  • 4xx Client Error: Problem with the request (e.g., 400 Bad Request, 401 Unauthorized, 403 Forbidden, 404 Not Found).
  • 5xx Server Error: Server failed to fulfill a valid request (e.g., 500 Internal Server Error, 503 Service Unavailable).

Headers and Content Negotiation

Headers carry metadata. The client can tell the server what it prefers, and the server can describe the response.

  • Request headers: Host, Accept, Accept-Language, Authorization, Cookie, User-Agent.
  • Response headers: Content-Type, Content-Length, Set-Cookie, Cache-Control, ETag, Location.
  • Content negotiation: Accept and Accept-Language allow servers to choose formats and languages.

Statelessness, Cookies, and Sessions

  • Stateless: Each request has all the information needed; no built-in memory of previous requests.
  • Sessions via cookies: Server sets a cookie (e.g., session ID). The browser sends it on each request to maintain login state.
  • Tokens: JWT or bearer tokens can be used for API authentication.
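
The cookie-based session flow described above, as an added Python sketch that is not part of the original page. The server keeps the state and the browser only carries an unguessable ID. The names `start_session`, `user_for_request` and `end_session`, the cookie name `session_id`, and the choice of the `Secure`, `HttpOnly` and `SameSite` cookie attributes are assumptions of this example.

```python
import secrets
from http.cookies import CookieError, SimpleCookie
from typing import Optional

SESSIONS = {}  # server-side state: session ID -> user name

def start_session(user: str) -> str:
    """Create a session and return the value for a Set-Cookie response header."""
    sid = secrets.token_urlsafe(32)   # unguessable ID from the OS CSPRNG
    SESSIONS[sid] = user
    cookie = SimpleCookie()
    cookie["session_id"] = sid
    morsel = cookie["session_id"]
    morsel["path"] = "/"
    morsel["secure"] = True           # browser sends it over HTTPS only
    morsel["httponly"] = True         # not readable by page scripts
    morsel["samesite"] = "Lax"        # withheld on most cross-site requests
    return morsel.OutputString()

def _session_id(cookie_header: Optional[str]) -> Optional[str]:
    """Extract the session ID from a Cookie request header, if present."""
    if not cookie_header:
        return None
    jar = SimpleCookie()
    try:
        jar.load(cookie_header)
    except CookieError:               # malformed cookie: treat as anonymous
        return None
    morsel = jar.get("session_id")
    return morsel.value if morsel else None

def user_for_request(cookie_header: Optional[str]) -> Optional[str]:
    """Map the Cookie header of a stateless request back to a logged-in user."""
    return SESSIONS.get(_session_id(cookie_header))

def end_session(cookie_header: Optional[str]) -> None:
    """Logout: delete the server-side record so the old ID stops working."""
    SESSIONS.pop(_session_id(cookie_header), None)
```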

Caching Basics

  • Freshness: Cache-Control (max-age), Expires.
  • Validation: ETag and If-None-Match enable 304 Not Modified responses.
  • Benefits: Faster loads, reduced bandwidth, lower server load.

HTTP Versions and Performance

  • HTTP/1.1: Persistent connections; requests are serialized per connection.
  • HTTP/2: Multiplexing multiple requests over one TCP connection, header compression (HPACK), server push.
  • HTTP/3: Runs over QUIC/UDP; faster handshakes and improved performance on lossy networks.

HTTP vs HTTPS

  • HTTP: Unencrypted; data can be read or altered in transit.
  • HTTPS: HTTP over TLS; provides encryption, integrity, and server authenticity (padlock icon).

Where HTTP Is Used

  • Web pages and assets (HTML, CSS, JS, images, video).
  • RESTful APIs and GraphQL endpoints.
  • Mobile and IoT apps communicating with servers.
  • CDNs and proxies that cache and accelerate content.

Quick Summary (Exam-Friendly)

  • HTTP is a stateless, client–server protocol for transferring web data.
  • Works via request–response over TCP (HTTP/1.1, HTTP/2) or QUIC (HTTP/3).
  • Uses methods (GET, POST, etc.), status codes, headers, and bodies.
  • HTTPS secures HTTP using TLS encryption.
  • Caching, cookies, and content negotiation optimize performance and usability.