##
HTTP / HTTPS
A stateless request/response protocol over TCP (HTTP/1.1, /2) or QUIC (HTTP/3). HTTPS is simply HTTP carried inside a TLS tunnel on port 443.
// request → response
Browser
→ DNS resolve
→ TCP + TLS
→ GET /index
→ 200 OK + body
Request line + headers + optional body → status line + headers + body. Keep-alive reuses the TCP/TLS connection for the next request.
// methods
| GET | Retrieve — safe & idempotent |
| POST | Create / submit — not idempotent |
| PUT | Replace — idempotent |
| PATCH | Partial update |
| DELETE | Remove — idempotent |
| HEAD | Headers only, no body |
| OPTIONS | Allowed methods / CORS preflight |
// status code classes
| 1xx | Informational — 100 Continue, 101 Switching |
| 2xx | Success — 200 OK, 201 Created, 204 No Content |
| 3xx | Redirect — 301 Moved, 302 Found, 304 Not Modified |
| 4xx | Client error — 400, 401, 403, 404, 429 |
| 5xx | Server error — 500, 502, 503, 504 |
// protocol versions
| HTTP/1.0 | 1996 | One request per connection |
| HTTP/1.1 | 1997 | Keep-alive, pipelining, Host header, chunked |
| HTTP/2 | 2015 | Binary, multiplexed streams, header compression (HPACK) |
| HTTP/3 | 2022 | Runs on QUIC (UDP 443) — no head-of-line blocking |
// common headers
| Host | Target virtual host (required in 1.1) |
| Content-Type | MIME type of the body |
| Authorization | Credentials / bearer token |
| Cache-Control | Caching directives |
| Set-Cookie | Server stores session state |
| User-Agent | Client identification |