Basics of HTTP - HTTP | MDN

archived 22 Jun 2017 13:24:35 UTC

Basics of HTTP

HTTP is a pretty extensible protocol. It relies on a few basics concepts like the notion of resources and URIs, a simple structure of messages, and a client-server structure for the communication flow. On top of these basics concepts, numerous extensions have appeared over the years, adding new functionality and new semantics by creating new HTTP methods or headers.

Articles

Overview of HTTP
Describes what HTTP is and its role in the Web architecture, its position in the protocol stack.
Evolution of HTTP
HTTP was created in the early 1990s and has been extended several times. This article goes through its history and describes HTTP/0.9, HTTP/1.0, HTTP/1.1, and the modern HTTP/2 as well as minor novelties introduced over the years.
Negotiating an HTTP version
Explains how a client and a server can negotiate a specific HTTP version and eventually upgrade the protocol version used.
Resources and URIs
A brief introduction of the notion of resources, identifiers, and locations on the Web.
Identifying resources on the Web
Describes how Web resources are referenced and how to locate them.
Data URIs
A specific kind of URIs that directly embeds the resource it represents. Data URIs are very convenient, but have some caveats.
Separating identity and location of a resource: the Alt-Svc HTTP header
Most of the time identity and location of a Web resource are shared, this can be changed with the Alt-Svc header.
MIME types
Since HTTP/1.0, different types of content can be transmitted. This article explains how this is done using the Content-Type header and the MIME standard.
Choosing between www and non-www URLs
Advice on using a www-prefixed domain or not, this article explains the consequences of the choice as well as how to make it.
Flow of an HTTP session
This fundamental article describes a typical HTTP session: what happens under the hood when you click on a link in your browser…
HTTP Messages
HTTP Messages transmitted during requests or responses have a very clear structure; this introductory article describes this structure, its purpose and its possibilities.
Frame and message structure in HTTP/2
HTTP/2 encapsulates and represents HTTP/1.x messages in a binary frame. This article explains the frame structure, its purpose and the way it is encoded.
Connection management in HTTP/1.x
HTTP/1.1 was the first version of HTTP to support persistent connection and pipelining. This article explains these two concepts.
Connection management in HTTP/2
HTTP/2 completely revisited how connections are created and maintained: this article explains how HTTP frames allow multiplexing and solve the 'head-of-line' blocking problem of former HTTP versions.
Content Negotiation
HTTP introduces a set of headers, starting with Accept- as a way for a browser to announce the format, language, or encoding it prefers. This article explains how this advertisement happens, how the server is expected to react and how it will choose the most adequate response.

Document Tags and Contributors

Tags: 
 Contributors to this page: cissoid, teoli, fscholz
 Last updated by: cissoid,

Thanks! Please check your inbox to confirm your subscription.

If you haven’t previously confirmed a subscription to a Mozilla-related newsletter you may have to do so. Please check your inbox or your spam filter for an email from us.
See also
  1. HTTP
  2. Guides:
  3. Resources and URIs
    1. Identifying resources on the Web
    2. Data URIs
    3. Introduction to MIME Types
    4. Complete list of MIME Types
    5. Choosing between www and non-www URLs
  4. Basics of HTTP
    1. Overview of HTTP
    2. Evolution of HTTP
    3. HTTP Messages
    4. A typical HTTP session
    5. Connection management in HTTP/1.x
  5. HTTP security
    1. Content Security Policy (CSP)
    2. HTTP Public Key Pinning (HPKP)
    3. HTTP Strict Transport Security (HSTS)
    4. Cookie security
    5. X-Content-Type-Options
    6. X-Frame-Options
    7. X-XSS-Protection
    8. Mozilla web security guidelines
    9. Mozilla Observatory
  6. HTTP access control (CORS)
  7. HTTP caching
  8. HTTP compression
  9. HTTP conditional requests
  10. HTTP content negotiation
  11. HTTP cookies
  12. HTTP redirects
  13. HTTP specifications
  14. References:
  15. HTTP headers
    1. Accept
    2. Accept-Charset
    3. Accept-Encoding
    4. Accept-Language
    5. Accept-Ranges
    6. Access-Control-Allow-Credentials
    7. Access-Control-Allow-Headers
    8. Access-Control-Allow-Methods
    9. Access-Control-Allow-Origin
    10. Access-Control-Expose-Headers
    11. Access-Control-Max-Age
    12. Access-Control-Request-Headers
    13. Access-Control-Request-Method
    14. Age
    15. Cache-Control
    16. Connection
    17. Content-Disposition
    18. Content-Encoding
    19. Content-Language
    20. Content-Length
    21. Content-Location
    22. Content-Security-Policy
    23. Content-Security-Policy-Report-Only
    24. Content-Type
    25. Cookie
    26. Cookie2
    27. DNT
    28. Date
    29. ETag
    30. Expires
    31. From
    32. Host
    33. If-Match
    34. If-Modified-Since
    35. If-None-Match
    36. If-Range
    37. If-Unmodified-Since
    38. Keep-Alive
    39. Last-Modified
    40. Location
    41. Origin
    42. Pragma
    43. Public-Key-Pins
    44. Public-Key-Pins-Report-Only
    45. Referer
    46. Referrer-Policy
    47. Retry-After
    48. Server
    49. Set-Cookie
    50. Set-Cookie2
    51. Strict-Transport-Security
    52. TE
    53. Tk
    54. Trailer
    55. Transfer-Encoding
    56. Upgrade-Insecure-Requests
    57. User-Agent
    58. Vary
    59. Via
    60. Warning
    61. X-Content-Type-Options
    62. X-DNS-Prefetch-Control
    63. X-Frame-Options
    64. X-XSS-Protection
  16. HTTP request methods
    1. GET
    2. HEAD
    3. OPTIONS
    4. POST
  17. HTTP response status codes
    1. 100 Continue
    2. 200 OK
    3. 201 Created
    4. 204 No Content
    5. 206 Partial Content
    6. 301 Moved Permanently
    7. 302 Found
    8. 303 See Other
    9. 304 Not Modified
    10. 307 Temporary Redirect
    11. 308 Permanent Redirect
    12. 404 Not Found
    13. 406 Not Acceptable
    14. 410 Gone
    15. 412 Precondition Failed
    16. 451 Unavailable For Legal Reasons
    17. 500 Internal Server Error
    18. 501 Not Implemented
    19. 502 Bad Gateway
    20. 503 Service Unavailable
    21. 504 Gateway Timeout
  18. CSP directives
    1. CSP: base-uri
    2. CSP: block-all-mixed-content
    3. CSP: child-src
    4. CSP: connect-src
    5. CSP: default-src
    6. CSP: font-src
    7. CSP: form-action
    8. CSP: frame-ancestors
    9. CSP: frame-src
    10. CSP: img-src
    11. CSP: manifest-src
    12. CSP: media-src
    13. CSP: object-src
    14. CSP: plugin-types
    15. CSP: referrer
    16. CSP: report-uri
    17. CSP: require-sri-for
    18. CSP: sandbox
    19. CSP: script-src
    20. CSP: style-src
    21. CSP: upgrade-insecure-requests
    22. CSP: worker-src
0%
10%
20%
30%
40%
50%
60%
70%
80%
90%
100%