πŸš€
πŸ—οΈ System Design
Protocols
2. HTTP

Introduction to HTTP

HTTP (HyperText Transfer Protocol) is the foundation of data communication for the World Wide Web. It defines how messages are formatted and transmitted, and what actions web servers and browsers should take in response to various commands.

What is HTTP?

HTTP is an application-layer protocol for transmitting hypermedia documents, such as HTML. It was designed for communication between web browsers and web servers, but it can also be used for other purposes.

Key Features:

  • Text-based protocol: Human-readable and easy to debug.
  • Stateless: Each request is independent and doesn't retain memory of previous interactions.
  • Support for multiple methods: GET, POST, PUT, DELETE, etc.
  • Media Independent: Any type of data can be sent as long as both client and server know how to handle it.

How HTTP Works

HTTP follows a Client-Server model. A client (typically a browser) makes an HTTP request, and a server processes that request and sends back a response.

Components of a Request:

  • Method: Defines the action (e.g., GET, POST).
  • URL: The resource being requested.
  • Headers: Metadata like User-Agent, Content-Type.
  • Body: Optional data sent in POST/PUT requests.

Components of a Response:

  • Status Code: Indicates success or failure (e.g., 200 OK, 404 Not Found).
  • Headers: Metadata about the response.
  • Body: The actual content returned (HTML, JSON, etc.).

The HTTP Request-Response Cycle

In a modern distributed system, the cycle often involves more than just a simple server.

Step 1: The browser (client) sends a request

The user triggers an action (like clicking a link), and the browser sends an HTTP request to the server.

Step 2: The web server processes the request

The server receives the request, identifies the requested resource, and may interact with a database.

Step 3: The server generates a response

The server packages the data (or an error message) into an HTTP response.

Step 4: The browser renders the response

The browser receives the response and displays the content to the user.

Stateless Nature of HTTP

HTTP is stateless, meaning it doesn't retain memory of previous requests. Each request is treated as an independent transaction.

  • Challenges: Hard to maintain user sessions (e.g., login state).
  • Solutions:
    • Cookies: Small pieces of data stored in the browser.
    • Sessions: Server-side storage of user state.
    • Tokens: Used for authentication & authorization (JWT, OAuth).

HTTP Methods

Common HTTP methods and their primary use cases:

MethodDescriptionUse Case
GETRetrieve a resource.Fetching a webpage or API data.
POSTSend data to create a new resource.Submitting a form or uploading a file.
PUTUpdate an existing resource.Updating user profile details.
DELETERemove a resource.Deleting a blog post.
PATCHPartially update a resource.Changing just the title of a post.

HTTP Status Codes

Status codes are grouped into five classes:

  • 1xx - Informational: Request received, continuing process.
  • 2xx - Success: Request successfully processed.
    • 200 OK: Successful response.
    • 201 Created: Resource successfully created.
  • 3xx - Redirection: Further action needed.
    • 301 Moved Permanently: Resource URL changed.
    • 304 Not Modified: Use cached version.
  • 4xx - Client Errors: Mistakes in the request.
    • 400 Bad Request: Incorrect request format.
    • 401 Unauthorized: Authentication required.
    • 403 Forbidden: No permission.
    • 404 Not Found: Resource doesn't exist.
  • 5xx - Server Errors: Issue with the server.
    • 500 Internal Server Error: Unexpected server failure.
    • 503 Service Unavailable: Server overloaded.

Interview Questions & Answers: HTTP

Deepen your understanding of the HyperText Transfer Protocol with these common technical interview questions.

1. What is HTTP, and how does it work?

HTTP (HyperText Transfer Protocol) is the foundation of communication on the web. It enables the transfer of resources such as web pages, images, and API responses.

How It Works:

  1. Request: A client (browser, mobile app) sends an HTTP request to a web server.
  2. Processing: The server processes the request and retrieves the requested data.
  3. Response: The server returns an HTTP response containing the data or an error.
  4. Rendering: The client receives and renders the resource (e.g., displaying the webpage).

2. Why is HTTP considered a stateless protocol?

HTTP is stateless because it does not retain memory of previous requests between the client and server. Each request is treated as independent, and the server does not store session information by default.

Solutions to Maintain State:

  • Cookies: Stored in the browser and sent with every request.
  • Sessions: Server-side storage indexed by a Session ID.
  • Tokens (JWT): Used for stateless authentication in modern APIs.

3. What are the key differences between HTTP and HTTPS?

FeatureHTTPHTTPS
SecurityPlain text (vulnerable)Encrypted (Secure)
EncryptionNoneSSL/TLS
Port80443
IntegrityCan be tampered withProtected from tampering

4. Explain the HTTP request-response cycle with an example.

  1. Client Sends Request: GET /index.html HTTP/1.1
  2. Server Processes: The server finds index.html.
  3. Server Sends Response: HTTP/1.1 200 OK with HTML content.
  4. Client Renders: Browser displays the HTML.

5. What are HTTP methods? When would you use PUT vs. PATCH?

  • GET: Retrieve data.
  • POST: Create a resource.
  • PUT: Replace an entire resource.
  • PATCH: Update part of a resource (e.g., changing only an email).
  • DELETE: Remove a resource.

6. What are HTTP status codes? Give examples.

  • 1xx (Info): Processing...
  • 2xx (Success): 200 OK, 201 Created.
  • 3xx (Redirection): 301 Moved Permanently, 304 Not Modified.
  • 4xx (Client Error): 400 Bad Request, 401 Unauthorized, 404 Not Found.
  • 5xx (Server Error): 500 Internal Error, 503 Service Unavailable.

7. How do cookies, sessions, and tokens help maintain state?

  • Cookies: Client-side storage sent with every request.
  • Sessions: Server-side data identified by a cookie-stored ID.
  • Tokens (JWT): JSON-based, self-contained authentication sent in headers.

8. What is the difference between 301 and 302 redirections?

  • 301 Moved Permanently: URL changed forever; search engines update their index.
  • 302 Found (Temporary): URL changed briefly; search engines keep the old URL.

9. How does caching work in HTTP?

Caching reduces server load by storing copies of resources. Key headers include:

  • Cache-Control: e.g., max-age=3600 (1 hour) or no-cache.
  • ETag: A unique version ID for a resource.
  • Expires: A specific date/time for expiration.

10. What are common HTTP security risks and mitigations?

  • Risk: Man-in-the-middle attacks, Session hijacking.
  • Mitigation: Use HTTPS, secure cookies (HttpOnly, Secure flags), and Tokens (JWT) for secure API access.

Final Thoughts

Understanding HTTP is essential for building and debugging web applications. It's the protocol that brings everything together in the world of distributed systems.

1. TCP vs. UDP3. REST API

Β© 2024 Driptanil Datta.All rights reserved

Made with Love ❀️

Last updated on Thu Mar 12 2026