Picture two very formal Victorian letter writers. Every exchange follows strict etiquette: one always opens the conversation, one always responds. There is a specific format for every letter — a greeting, a purpose, a body, a sign-off. They never deviate from the protocol, and because of that, they always understand each other perfectly, even though they've never met in person.

Every time you open a webpage, your browser and a web server are those correspondents. The protocol they follow is HTTP — HyperText Transfer Protocol. First defined by Tim Berners-Lee in 1991, HTTP is the foundation of data exchange on the World Wide Web. It is stateless (each request is independent), text-based (readable by humans), and client-initiated (the browser always speaks first).

HTTP: Request and Response Structure

HTTP communication always follows the same pattern: client sends a request, server sends a response.

The Request

GET /index.html HTTP/1.1
Host: www.example.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64)
Accept: text/html,application/xhtml+xml
Accept-Language: en-US,en;q=0.9
Connection: keep-alive

[Body — empty for GET, present for POST]

A request has:

Request line: Method + URL path + HTTP version
Headers: Key-value metadata about the request
Blank line: Separates headers from body
Body: Data sent to server (for POST, PUT, etc.)

The Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Content-Length: 3456
Cache-Control: max-age=3600
Date: Mon, 02 Jun 2026 10:30:00 GMT

<!DOCTYPE html>
<html>
<body>Hello, World!</body>
</html>

A response has:

Status line: HTTP version + status code + reason phrase
Headers: Content type, length, caching instructions, etc.
Body: The actual content (HTML, JSON, image data, etc.)

HTTP Methods

HTTP defines a set of request methods (also called verbs) that indicate the desired action:

Method	Purpose	Has Body?	Safe?	Idempotent?
GET	Retrieve a resource	No	Yes	Yes
POST	Submit data, create resource	Yes	No	No
PUT	Replace a resource entirely	Yes	No	Yes
PATCH	Partially update a resource	Yes	No	No
DELETE	Remove a resource	Optional	No	Yes
HEAD	Like GET, but returns only headers	No	Yes	Yes
OPTIONS	Discover what methods are allowed	No	Yes	Yes

Safe = does not modify server state. Idempotent = calling multiple times has same effect as calling once.

HTTP Status Codes

Status codes are grouped into five categories:

Range	Category	Common Examples
1xx	Informational	`100 Continue`, `101 Switching Protocols`
2xx	Success	`200 OK`, `201 Created`, `204 No Content`
3xx	Redirection	`301 Moved Permanently`, `302 Found`, `304 Not Modified`
4xx	Client Error	`400 Bad Request`, `401 Unauthorized`, `403 Forbidden`, `404 Not Found`
5xx	Server Error	`500 Internal Server Error`, `502 Bad Gateway`, `503 Service Unavailable`

404 Not Found means the resource doesn't exist at that URL. 403 Forbidden means the resource exists but you don't have permission. These are different errors that developers frequently confuse.

HTTP Version Evolution

HTTP Version	Key Feature	Year	Status
HTTP/1.0	One request per TCP connection	1996	Obsolete
HTTP/1.1	Persistent connections, pipelining, chunked transfer	1997	Still widely supported
HTTP/2	Binary framing, multiplexing, header compression (HPACK), server push	2015	Mainstream
HTTP/3	Built on QUIC (UDP-based), eliminates TCP head-of-line blocking	2022	Growing adoption

Why Each Version Mattered

HTTP/1.0 opened a new TCP connection for every single request — an enormous overhead. A page with 30 images required 30 full TCP handshakes.

HTTP/1.1 introduced persistent connections (Connection: keep-alive), reusing the TCP connection. It also added pipelining — sending multiple requests without waiting for each response — though this was rarely used due to head-of-line blocking.

HTTP/2 introduced multiplexing: multiple requests and responses can fly across a single TCP connection simultaneously, each labelled with a stream ID, arriving out of order and reassembled at the destination. It also compresses headers, which in HTTP/1.1 were sent in full with every request.

HTTP/3 replaces TCP with QUIC — a protocol built on UDP that implements reliability and congestion control in user space. The key advantage: QUIC connections are identified by a connection ID rather than an IP/port tuple, so switching Wi-Fi to mobile data mid-stream doesn't break the connection.

HTTPS: HTTP Over TLS

HTTPS is HTTP with a TLS (Transport Layer Security) encryption layer between HTTP and TCP. The "S" stands for Secure.

Without HTTPS, every router, ISP, and network middlebox between you and the server can read your requests and responses — including passwords, credit card numbers, and private messages. HTTPS encrypts all of this.

HTTP stack:
  Application  │  HTTP
  Transport    │  TCP
  Network      │  IP

HTTPS stack:
  Application  │  HTTP
               │  TLS  ← encryption layer added
  Transport    │  TCP
  Network      │  IP

The padlock icon in your browser confirms TLS is active. From 2018, Chrome marked all HTTP sites as "Not Secure." Today, over 95% of web traffic is HTTPS.

What Happens When You Visit a Website

The complete journey from typing a URL to seeing a page:

1. DNS Resolution
   Browser looks up "www.example.com" → gets 93.184.216.34

2. TCP Connection (Three-Way Handshake)
   Browser ──SYN──────────────────> Server
   Browser <─SYN-ACK───────────── Server
   Browser ──ACK──────────────────> Server
   (Connection established)

3. TLS Handshake
   Browser ──ClientHello──────────> Server
   Browser <─ServerHello+Cert───── Server
   Browser verifies certificate against trusted CA
   Browser ──Key Exchange─────────> Server
   (Encrypted channel established)

4. HTTP Request
   Browser ──GET / HTTP/1.1────────> Server (encrypted)

5. HTTP Response
   Browser <─200 OK + HTML content─ Server (encrypted)

6. Browser Renders HTML
   Browser finds <img>, <script>, <link> tags
   Repeats steps 4-5 for each resource
   Paints the page on screen

Total time for a typical page: 200–1500ms depending on server location, page size, and network speed.

Summary

HTTP is the stateless, text-based protocol that powers every web interaction. Its request/response model, defined set of methods, and standardised status codes create a predictable foundation for web applications. HTTP has evolved from single-connection HTTP/1.0 through multiplexed HTTP/2 to the QUIC-based HTTP/3, each version addressing performance bottlenecks of its predecessor. HTTPS wraps HTTP in TLS encryption, protecting data in transit and verifying server identity. The full journey from URL to rendered page involves DNS, TCP, TLS, HTTP, and browser rendering — a coordinated sequence happening invisibly in milliseconds every time you browse.

💬 DiscussionPowered by GitHub Discussions

📱

Get this course's notes on Telegram!

Free cheat sheets, summaries & practice exercises

Get Notes Free →

32 minLesson 13 of 17

Course Contents(17 lessons)

▾

Chapter 1: Network Foundations

What Is a Computer Network? Types and Topologies22 min

Network Devices: Hubs, Switches, Routers Explained25 min

Chapter 2: OSI and TCP/IP Models

The 7-Layer OSI Model: A Layer-by-Layer Journey35 min

TCP/IP Model: How the Internet Actually Works28 min

Data Encapsulation: How Packets Are Built and Unwrapped25 min

Chapter 3: Network and Data Link Layers

IP Addressing: IPv4, Subnets, and CIDR Notation35 min

IPv6: Why We Needed It and How It Works25 min

Routing Algorithms: How Packets Find Their Way30 min

MAC Addresses and the Data Link Layer25 min

Chapter 4: Transport Layer

TCP vs UDP: Reliability vs Speed30 min

TCP Deep Dive: Handshake, Flow Control, Congestion32 min

Chapter 5: Application Layer Protocols

DNS: How Domain Names Become IP Addresses30 min

HTTP and HTTPS: The Web's Foundation32 min

Email, FTP, and Other Application Protocols25 min

Chapter 6: Network Security

Network Security: Threats, Attacks, and Defenses30 min

Firewalls, VPNs, and Network Access Control28 min

SSL/TLS: How HTTPS Encrypts Your Data30 min