What is HTTP and how does it work?

HTTP: What It Is and How It Works

HTTP (HyperText Transfer Protocol) is the standard application-layer protocol that lets web browsers and mobile apps communicate with web servers. It powers web pages, images, videos, and REST APIs. HTTP defines how a client requests a resource and how a server responds, using a simple, text-based format.

Key Features of HTTP

  • Client–server model: A client (like a browser) sends a request; a server sends a response.
  • Stateless: Each request is independent. Servers don’t remember previous requests unless you use cookies or tokens.
  • Resource-oriented: Resources are identified by URLs/URIs.
  • Text-based messages: Requests and responses use human-readable lines and headers.

Where HTTP Fits in the Network Stack

  • Layer: Application layer over TCP/IP.
  • Default ports: 80 (HTTP), 443 (HTTPS).
  • Protocols: HTTP/1.1 (widely used), HTTP/2 (multiplexing), HTTP/3 over QUIC (runs on UDP for faster, reliable delivery).

Step-by-Step: How HTTP Works

  1. URL and DNS: You enter a URL. DNS resolves the domain (e.g., example.com) to an IP address.
  2. Connection setup: The client opens a TCP connection to the server (HTTP/3 uses QUIC over UDP instead). If it’s HTTPS, a TLS handshake secures the connection before any HTTP data is sent.
  3. Request sent: The client sends an HTTP request line (method, path, version), headers, and optionally a body.
  4. Server processing: The server runs application logic, accesses databases, and prepares a response.
  5. Response returned: The server sends a status line (version, status code), headers, and a body (HTML, JSON, image, etc.).
  6. Render and follow-ups: The browser renders the page and makes extra requests for CSS, JS, images, fonts, etc.
  7. Connection reuse or close: With keep-alive/HTTP/2, the connection is reused to reduce latency.

HTTP Message Structure

  • Request: Request line (e.g., GET /path HTTP/1.1), headers (key: value), optional body (for POST/PUT/PATCH).
  • Response: Status line (e.g., HTTP/1.1 200 OK), headers, body (content).

Example: Raw HTTP Request and Response

GET /api/users?id=7 HTTP/1.1
Host: example.com
Accept: application/json
User-Agent: MyBrowser/1.0
Connection: keep-alive

HTTP/1.1 200 OK
Content-Type: application/json
Cache-Control: max-age=60
Content-Length: 53

{"id":7,"name":"Anya","role":"student","active":true}
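
As an added example (not part of the original article), the Python sketch below parses a raw HTTP/1.1 message of the shape shown above and checks that Content-Length agrees with the actual body size, since a mismatch lets two parsers disagree about where a message ends. The function names and sample messages are constructed for illustration, and Transfer-Encoding is not handled.

```python
# Added example: minimal HTTP/1.1 message parser (illustrative sketch only).

def parse_http_message(raw: bytes) -> dict:
    """Split a raw HTTP/1.1 message into start line, headers and body."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("missing blank line between headers and body")
    lines = head.decode("iso-8859-1").split("\r\n")
    start = lines[0].split(" ", 2)  # request line or status line: three parts
    if len(start) != 3:
        raise ValueError(f"malformed start line: {lines[0]!r}")
    headers = {}
    for line in lines[1:]:
        name, colon, value = line.partition(":")
        # Reject empty names and whitespace around the name (ambiguous framing).
        if not colon or not name or name != name.strip():
            raise ValueError(f"malformed header line: {line!r}")
        key = name.lower()  # header names are case-insensitive
        if key == "content-length" and key in headers:
            raise ValueError("duplicate Content-Length")
        headers[key] = value.strip()
    return {"start": start, "headers": headers, "body": body}


def framing_problem(msg: dict):
    """Return a description of a Content-Length problem, or None if consistent."""
    declared = msg["headers"].get("content-length")
    if declared is None:
        return None  # nothing to compare against in this sketch
    if not (declared.isascii() and declared.isdigit()):
        return f"non-numeric Content-Length: {declared!r}"
    if int(declared) != len(msg["body"]):
        return f"Content-Length {declared} but body is {len(msg['body'])} bytes"
    return None


# Constructed sample messages (the JSON body is 53 bytes long).
BODY = b'{"id":7,"name":"Anya","role":"student","active":true}'
GOOD = (b"HTTP/1.1 200 OK\r\nContent-Type: application/json\r\n"
        b"Cache-Control: max-age=60\r\n"
        b"Content-Length: %d\r\n\r\n" % len(BODY)) + BODY
BAD = GOOD.replace(b"Content-Length: %d" % len(BODY), b"Content-Length: 48")

if __name__ == "__main__":
    for label, raw in (("good", GOOD), ("bad", BAD)):
        print(label, "->", framing_problem(parse_http_message(raw)))
```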

Common HTTP Methods (Verbs)

  • GET: Retrieve data (safe, idempotent).
  • POST: Create or submit data (not idempotent).
  • PUT: Replace a resource (idempotent).
  • PATCH: Partially update a resource.
  • DELETE: Remove a resource (idempotent by definition, but depends on server behavior).
  • HEAD: Same as GET but no body, used to check metadata.
  • OPTIONS: Discover server-supported methods/CORS preflight.

HTTP Status Codes (Quick Guide)

  • 2xx Success: 200 OK, 201 Created, 204 No Content.
  • 3xx Redirection: 301 Moved Permanently, 302 Found, 304 Not Modified.
  • 4xx Client errors: 400 Bad Request, 401 Unauthorized, 403 Forbidden, 404 Not Found.
  • 5xx Server errors: 500 Internal Server Error, 502 Bad Gateway, 503 Service Unavailable.

Important HTTP Headers

  • Host: Target domain (required in HTTP/1.1).
  • Content-Type: Media type of the body (e.g., application/json, text/html).
  • Accept: What formats the client can handle.
  • Authorization: Credentials or tokens (e.g., Bearer JWT).
  • Cache-Control, ETag, Last-Modified: Caching and validation.
  • Cookie / Set-Cookie: Session state and preferences.
  • User-Agent: Client information.
  • Location: Redirect or created resource URL.
  • CORS: Origin (request) and Access-Control-Allow-Origin (response) for cross-origin requests.

State Management on a Stateless Protocol

  • Cookies + Sessions: Server issues a session ID (Set-Cookie). Client sends it back on each request.
  • Tokens: JWT or opaque tokens in Authorization header for APIs.
  • Client storage: LocalStorage/SessionStorage (browser-side; not part of HTTP but often used with it).

Performance and Caching

  • Keep-Alive: Reuses the connection to reduce handshake overhead.
  • HTTP/2: Multiplexes many requests over one connection, compresses headers.
  • HTTP/3 (QUIC): Reduces latency and improves performance over unreliable networks.
  • Caching: Use Cache-Control (max-age, no-cache), ETag, and Last-Modified to avoid re-downloading unchanged content.
  • Compression: gzip/br (Content-Encoding) to shrink payloads.

HTTP vs HTTPS

  • HTTP: Plaintext; easy to intercept or modify.
  • HTTPS: HTTP over TLS; encrypts data, ensures integrity, and authenticates the server using digital certificates.

End-to-End Flow Summary

URL → DNS lookup → TCP connect → (TLS handshake) → HTTP request
→ Server logic → HTTP response → Render/Load assets → Reuse/close connection

In One Line

HTTP is the stateless, application-layer protocol that defines how clients and servers exchange requests and responses to deliver web pages and APIs across the internet.