HTTP & HTTPS
The rules for communication, including headers, cookies, and the importance of encryption via SSL/TLS in HTTPS
Overview
HTTP (HyperText Transfer Protocol) and HTTPS (HTTP Secure) are the protocols that power the web. They define how messages are formatted and transmitted between clients and servers.
HTTPS adds a security layer using SSL/TLS encryption to protect data in transit, making it essential for modern web applications.
Key Concepts
HTTP Methods
GET (retrieve), POST (create), PUT (update), DELETE (remove), PATCH (partial update), HEAD (metadata only), OPTIONS (supported methods).
Status Codes
2xx (success), 3xx (redirection), 4xx (client error), 5xx (server error). Common ones: 200 OK, 404 Not Found, 500 Internal Server Error.
Headers
Metadata sent with requests/responses: Content-Type, Authorization, Cache-Control, Cookies, User-Agent, etc.
SSL/TLS
Cryptographic protocols that provide secure communication over networks through encryption and authentication.
How It Works
HTTP Request Structure:
- Method (GET, POST, etc.)
- URL/Path (/api/users/123)
- Headers (Content-Type, Authorization)
- Body (for POST/PUT requests)
HTTP Response Structure:
- Status Code (200, 404, 500)
- Headers (Content-Type, Cache-Control)
- Body (HTML, JSON, XML, etc.)
HTTPS adds:
- TLS Handshake (establishes secure connection)
- Certificate verification (ensures server identity)
- Encryption (protects data from eavesdropping)
Use Cases
- Loading web pages (HTML, CSS, JavaScript)
- API communication (RESTful services)
- File uploads and downloads
- Form submissions
- Real-time data updates (with long polling)
- Authentication and authorization
Best Practices
- Always use HTTPS in production
- Use appropriate HTTP methods (GET for retrieval, POST for creation)
- Implement proper status codes
- Set correct Content-Type headers
- Use HTTP caching headers (Cache-Control, ETag)
- Implement CORS properly for API security
- Keep cookies secure with HttpOnly and Secure flags
- Use HSTS (HTTP Strict Transport Security)
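The response structure under How It Works and the header items under Best Practices, as an added example that is not part of the original page: a Python checker that parses a raw HTTP/1.1 response and reports a missing Content-Type, a missing or short-lived HSTS policy, and cookies set without Secure or HttpOnly. The sample response, the function names, and the 180-day minimum max-age are assumptions chosen for illustration.

```python
# Constructed sample response (not captured traffic): weak HSTS, one cookie without Secure.
SAMPLE_RESPONSE = (
    b"HTTP/1.1 200 OK\r\n"
    b"Content-Type: text/html; charset=utf-8\r\n"
    b"Set-Cookie: session=abc123; Path=/; HttpOnly\r\n"
    b"Set-Cookie: theme=dark; Path=/; Secure; HttpOnly\r\n"
    b"Strict-Transport-Security: max-age=300\r\n"
    b"\r\n"
    b"<html></html>"
)
MIN_HSTS_MAX_AGE = 15552000  # assumption: 180 days is the minimum acceptable max-age


def parse_response(raw):
    """Split a raw HTTP/1.1 response into (status code, header list, body)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    status = int(lines[0].split(" ", 2)[1])
    # Keep a list of pairs rather than a dict: Set-Cookie may legitimately repeat.
    headers = [(n.strip().lower(), v.strip()) for n, _, v in (ln.partition(":") for ln in lines[1:])]
    return status, headers, body


def audit(raw):
    """Return a list of findings for missing or weak security settings."""
    _, headers, _ = parse_response(raw)
    findings = []
    if not any(n == "content-type" for n, _ in headers):
        findings.append("missing Content-Type")
    hsts = [v for n, v in headers if n == "strict-transport-security"]
    if not hsts:
        findings.append("missing Strict-Transport-Security")
    else:
        directives = [d.strip().lower() for d in hsts[0].split(";")]
        ages = [d.split("=", 1)[1].strip('"') for d in directives if d.startswith("max-age=")]
        if not ages or not ages[0].isdigit() or int(ages[0]) < MIN_HSTS_MAX_AGE:
            findings.append("HSTS max-age missing or too short")
    for value in (v for n, v in headers if n == "set-cookie"):
        cookie_name = value.split("=", 1)[0]
        attrs = {a.strip().lower().split("=", 1)[0] for a in value.split(";")[1:]}
        for flag in ("secure", "httponly"):
            if flag not in attrs:
                findings.append(f"cookie {cookie_name}: missing {flag}")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_RESPONSE):
        print(finding)
```

Header names are compared case-insensitively, and each Set-Cookie line is checked on its own because a response can carry several.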
Interview Tips
What Interviewers Look For
- Know the difference between HTTP methods and when to use each
- Explain common status codes: 200, 201, 400, 401, 403, 404, 500, 502, 503
- Discuss the importance of HTTPS: encryption, authentication, data integrity
- Explain cookies and sessions for maintaining state
- Talk about HTTP/2 and HTTP/3 improvements: multiplexing, server push, QUIC
- Mention security headers: CORS, CSP, X-Frame-Options
Related Topics
- Client-Server Architecture: The core concept where a client (browser/mobile app) requests data and a server processes and responds
- IP Addresses & DNS: How computers identify each other using unique IP addresses and how DNS maps human-friendly names to those addresses
- APIs (REST vs. GraphQL): The structured ways clients interact with servers, comparing REST with GraphQL approaches