Basics of HTTP

HTTP is a pretty extensible protocol. It relies on a few basic concepts like the notion of resources and URIs, a simple structure of messages, and a client-server structure for the communication flow. On top of these basic concepts, numerous extensions have appeared over the years, adding new functionality and new semantics by creating new HTTP methods or headers.

Articles

Overview of HTTP
    Describes what HTTP is, its role in the Web architecture, and its position in the protocol stack.

Evolution of HTTP
    HTTP was created in the early 1990s and has been extended several times. This article goes through its history and describes HTTP/0.9, HTTP/1.0, HTTP/1.1, and the modern HTTP/2 as well as minor novelties introduced over the years.

Negotiating an HTTP version
    Explains how a client and a server can negotiate a specific HTTP version and eventually upgrade the protocol version used.

Resources and URIs
    A brief introduction to the notion of resources, identifiers, and locations on the Web.

Identifying resources on the Web
    Describes how Web resources are referenced and how to locate them.

Data URIs
    A specific kind of URI that directly embeds the resource it represents. Data URIs are very convenient, but have some caveats.

Separating identity and location of a resource: the Alt-Svc HTTP header
    Most of the time identity and location of a Web resource are shared; this can be changed with the Alt-Svc header.

MIME types
    Since HTTP/1.0, different types of content can be transmitted. This article explains how this is done using the Content-Type header and the MIME standard.

Choosing between www and non-www URLs
    Advice on whether to use a www-prefixed domain. This article explains the consequences of the choice as well as how to make it.

Flow of an HTTP session
    This fundamental article describes a typical HTTP session: what happens under the hood when you click on a link in your browser…

HTTP Messages
    HTTP Messages transmitted during requests or responses have a very clear structure; this introductory article describes this structure, its purpose and its possibilities.

Frame and message structure in HTTP/2
    HTTP/2 encapsulates and represents HTTP/1.x messages in a binary frame. This article explains the frame structure, its purpose and the way it is encoded.

Connection management in HTTP/1.x
    HTTP/1.1 was the first version of HTTP to support persistent connections and pipelining. This article explains these two concepts.

Connection management in HTTP/2
    HTTP/2 completely revisited how connections are created and maintained: this article explains how HTTP frames allow multiplexing and solve the 'head-of-line' blocking problem of former HTTP versions.

Content Negotiation
    HTTP introduces a set of headers, starting with Accept-, as a way for a browser to announce the format, language, or encoding it prefers. This article explains how this advertisement happens, how the server is expected to react and how it will choose the most adequate response.

Document Tags and Contributors

Contributors to this page: cissoid, teoli, fscholz

Last updated by: cissoid, Sep 8, 2016, 8:43:34 PM
