HTTP
Also known as: hypertext transfer protocol
The request/response protocol that powers the web — how browsers and servers talk to each other.
- Primary domain
- Networks & Communications
- Sub-category
- Network Protocols & Components
In simple terms
HTTP is the language web browsers and web servers use to talk. The browser sends a request (“give me this page”), the server sends back a response (“here you go, and here’s the status”).
The Visual Map
sequenceDiagram
participant B as browser
participant S as web server
B->>S: GET /index.html HTTP/1.1<br/>Host: example.com<br/>Accept: text/html
S-->>B: HTTP/1.1 200 OK<br/>Content-Type: text/html<br/>Content-Length: 1256
Note over B: parses HTML, finds assets
B->>S: GET /style.css
S-->>B: 200 OK (text/css)
B->>S: GET /missing.png
S-->>B: 404 Not Found
More detail
An HTTP request has:
- A method (
GET,POST,PUT,DELETE,PATCH, …). - A URL that identifies the resource.
- Headers with metadata (content type, cookies, caching directives, auth, …).
- An optional body (for
POST,PUT, …).
An HTTP response has:
- A status code —
200 OK,301 Moved Permanently,404 Not Found,500 Internal Server Error, … - Headers.
- A body, often HTML, JSON, or an image.
Versions matter:
- HTTP/1.1 — text-based, one request at a time per connection (mostly).
- HTTP/2 — binary, multiplexed over a single connection.
- HTTP/3 — built on QUIC over UDP, faster on lossy networks.
HTTPS is HTTP over TLS — the same protocol with end-to-end encryption and server identity verification.
HTTP is the universal API of the modern internet. Web sites, mobile apps, microservices, webhooks — they almost all speak it.
Under the Hood
HTTP/1.1 is plain text on a TCP socket. This is a complete, valid exchange:
GET /index.html HTTP/1.1
Host: example.com
User-Agent: curl/8.5
Accept: */*
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Content-Length: 48
Cache-Control: max-age=604800
<html><body><h1>Hello, world.</h1></body></html>Request line, headers, blank line, optional body — that’s the entire grammar. HTTP/2 and HTTP/3 carry the same semantics (methods, headers, status codes) in binary frames, which is why your application code rarely cares which version is underneath.
Engineering Trade-offs
- Statelessness vs convenience. Each request stands alone, which makes servers trivially scalable behind load balancers — but every stateful feature (logins, carts) needs cookies, tokens, or sessions bolted on top.
- Text vs binary framing. HTTP/1.1’s readable text made it debuggable with
telnetand ubiquitous; HTTP/2 traded that readability for multiplexing and header compression because parsing text at scale was the bottleneck. - One connection, many streams. HTTP/2 multiplexing removes connection overhead but inherits TCP head-of-line blocking: one lost packet stalls all streams. HTTP/3 moved to QUIC precisely to give each stream independent delivery.
- Caching vs freshness. HTTP’s cache headers (
Cache-Control,ETag) let CDNs absorb most of the world’s traffic, at the price of an entire discipline of cache-invalidation bugs.
Real-world examples
- Loading
https://wikipedia.orgis one HTTPGETrequest (followed by many more for assets). - A REST API responds to
GET /api/users/42with a JSON body. - A webhook is just an HTTP
POSTfrom one service to another. - A single browser tab opening Gmail can fire off hundreds of HTTP requests in the first second — a mix of HTML, JS modules, fonts, images, and API calls.
Common misconceptions
- “HTTPS encrypts who I’m talking to.” It encrypts the payload, but the destination IP and (often) hostname are still visible.
- “
POSTis for new data,PUTis for updates.” Closer to:POSTis “do something with this”,PUTis “make this resource look exactly like this”. Conventions vary by API.
Try it yourself
Run a real HTTP exchange entirely on your machine — server, raw-socket client, and the actual bytes on the wire:
python3 -c "
import socket, threading, http.server, functools
srv = http.server.ThreadingHTTPServer(('127.0.0.1', 0), http.server.SimpleHTTPRequestHandler)
threading.Thread(target=srv.serve_forever, daemon=True).start()
s = socket.create_connection(('127.0.0.1', srv.server_address[1]))
s.sendall(b'GET / HTTP/1.1\r\nHost: localhost\r\nConnection: close\r\n\r\n')
resp = b''
while chunk := s.recv(4096):
resp += chunk
print(resp.decode(errors='replace')[:400])
srv.shutdown()
"The response starts with the status line and headers — the same text your browser parses on every page load.
Learn next
- HTTPS — the same protocol wrapped in encryption; the web’s default.
- REST API — the dominant convention for building APIs on HTTP.
- QUIC — the transport HTTP/3 runs on, replacing TCP.
- Web browser — the client that turns these responses into pages.
Read this in a learning path
All paths →This topic is part of 5 learning paths. Start in context to keep prev/next and progress tracking.
- Read this in Backend Engineer Starter KitThe minimum set of topics that turns a programmer into someone who can ship and operate a backend service in production. Start here View the whole path
- Read this in From Hardware to the WebTrace one connection from the CPU on your laptop through the operating system, the network, and the web browser. Start here View the whole path
- Read this in Frontend Engineer Starter KitThe topics that take you from "I can write some JavaScript" to "I can ship a real product on the web that respects users". Start here View the whole path
- Read this in Internet from the Bottom UpTrace one connection from raw packets up through addressing, transport, encryption, and the web — the minimum mental model of how the internet works. Start here View the whole path
- Read this in The Web from Top to BottomTrace a single HTTPS request from the browser down through HTTP, TLS, TCP, UDP, IP, packets, and routing — the whole stack in one walk. Start here View the whole path
Relationships
- Requires
- Next
Neighborhood
A visual companion to the relationships above. Click any node to visit that topic.