HTTP / HTTPS
HTTP request/response lifecycle
- Client opens a connection (TCP, or QUIC for HTTP/3), then sends an HTTP request.
- Server returns a response: status line, headers, body.
- Connections may be reused (keep-alive) or multiplexed (HTTP/2, HTTP/3).
Methods
- GET: retrieve resource (safe, idempotent).
- POST: create/submit (not idempotent by default).
- PUT: replace (idempotent).
- PATCH: partial update.
- DELETE: delete (idempotent-ish by intent).
- HEAD/OPTIONS: metadata/capabilities.
Status codes
- 1xx: informational
- 2xx: success (200, 201, 204)
- 3xx: redirect (301, 302, 307, 308)
- 4xx: client error (400, 401, 403, 404, 429)
- 5xx: server error (500, 502, 503, 504)
Headers and cookies
- Headers carry metadata: auth, content type, caching, tracing, etc.
- Cookies are a state mechanism stored by the client and sent back to the origin (subject to Domain/Path/Secure/SameSite rules).
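
The Domain/Path/Secure/SameSite rules above, as an added example (not part of the original notes) that decides whether a client would attach a stored cookie to a request. The `Cookie` class, `would_send` and the sample cookies are hypothetical names; whether a request is same-site is passed in by the caller rather than computed from the public suffix list, and IP-address hosts are not special-cased.

```python
from dataclasses import dataclass
from urllib.parse import urlsplit

@dataclass
class Cookie:
    name: str
    domain: str              # setting host, or the Domain attribute value
    host_only: bool = True   # True when no Domain attribute was set
    path: str = "/"
    secure: bool = False
    samesite: str = "Lax"    # "Strict", "Lax" or "None" (Lax default is an assumption)

def domain_match(host, cookie):
    host, dom = host.lower(), cookie.domain.lower().lstrip(".")
    if cookie.host_only:
        return host == dom                      # exact host only, no subdomains
    return host == dom or host.endswith("." + dom)

def path_match(req_path, cookie_path):
    # RFC 6265 path-match: the prefix must end on a "/" boundary
    if req_path == cookie_path:
        return True
    if req_path.startswith(cookie_path):
        return cookie_path.endswith("/") or req_path[len(cookie_path)] == "/"
    return False

def would_send(cookie, url, *, same_site, top_level_nav=False, method="GET"):
    u = urlsplit(url)
    if not domain_match(u.hostname or "", cookie):
        return False
    if not path_match(u.path or "/", cookie.path):
        return False
    if cookie.secure and u.scheme != "https":
        return False                            # Secure: never over plain HTTP
    if same_site:
        return True
    # Cross-site request: the SameSite attribute decides
    if cookie.samesite == "None":
        return cookie.secure                    # browsers require Secure with None
    if cookie.samesite == "Lax":
        return top_level_nav and method in ("GET", "HEAD", "OPTIONS", "TRACE")
    return False                                # Strict: never sent cross-site

# Constructed sample cookies (not from any real site)
SESSION = Cookie("sid", "app.example.test", secure=True, samesite="Lax")
PREFS = Cookie("theme", "example.test", host_only=False, path="/api")
```

With `SESSION`, a cross-site form POST carries no cookie, while a cross-site top-level link click does; that difference is what SameSite=Lax provides against CSRF.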
HTTPS + TLS handshake basics
- HTTPS = HTTP over TLS.
- TLS provides server authentication (certificates) + encryption + integrity.
- After handshake, HTTP messages are encrypted in transit.