Comprehensive Guide to HTTP Protocol: Architecture, Workflow, Headers, Status Codes, and Related Concepts

Overview

The HTTP (HyperText Transfer Protocol) is the application‑layer protocol used for communication between web browsers (clients) and web servers. It defines how requests are formatted, transmitted, and how responses are returned.

Network Architecture

HTTP operates over the TCP/IP stack. A client sends a request from the application layer down through transport (TCP) and network (IP) layers to the server, which processes the request and returns a response traversing the layers in reverse order.

Request Process

A typical request consists of a request line (e.g., GET /index.htm HTTP/1.1), optional request headers, a blank line, and an optional body. The server replies with a status line (e.g., HTTP/1.1 200 OK), response headers, a blank line, and the response body.

Header Fields Overview

Headers convey metadata about the request or response. They are divided into four categories:

General headers (e.g., Cache-Control, Connection, Date)

Request headers (e.g., Accept, Host, Cookie)

Response headers (e.g., Server, Set-Cookie, WWW-Authenticate)

Entity headers (e.g., Content-Type, Content-Length, ETag)

Caching Directives (Cache‑Control)

The Cache-Control header controls cache behavior with directives such as no-cache, no-store, max-age, public, private, and others. These directives determine whether a response may be stored, for how long, and under what conditions it must be revalidated.

Request Headers Details

Key request headers include: Accept: media types the client can handle, with optional quality values. Accept-Charset, Accept-Encoding, Accept-Language: client preferences for character set, encoding, and language. Authorization: credentials for HTTP authentication. Cookie: state information sent by the client. Host: mandatory field specifying the target host and optional port.

Response Headers Details

Important response headers include: Server: identifies the server software. Set-Cookie: instructs the client to store a cookie. WWW-Authenticate: challenges the client for credentials. Location: used with redirection status codes. Retry-After: tells the client when to retry a failed request.

Entity Headers

Entity headers describe the message body, such as Content-Type, Content-Length, Content-Encoding, Last-Modified, and ETag. They are essential for proper handling of the payload.

Cookies

Cookies consist of Set-Cookie (server‑to‑client) and Cookie (client‑to‑server) headers. Attributes like expires, path, domain, Secure, and HttpOnly control lifespan, scope, and security.

Status Codes

HTTP status codes are three‑digit numbers grouped by class:

1xx – Informational

2xx – Success (e.g., 200 OK, 204 No Content)

3xx – Redirection (e.g., 301 Moved Permanently, 302 Found, 304 Not Modified)

4xx – Client errors (e.g., 400 Bad Request, 401 Unauthorized, 404 Not Found)

5xx – Server errors (e.g., 500 Internal Server Error, 503 Service Unavailable)

Message Body and Encodings

The body can be encoded for compression ( gzip, deflate) using the Content-Encoding header, or transferred with chunked encoding ( Transfer-Encoding: chunked) when the total size is unknown beforehand.

Range Requests

Clients can request partial content using the Range header (e.g., Range: bytes=20224-). The server responds with 206 Partial Content and includes a Content-Range header.

Related Web Server Components

Beyond the client‑server pair, other components assist HTTP communication:

Proxy : forwards requests, can filter or cache content.

Cache : stores copies of responses to reduce latency.

Gateway : translates HTTP to other protocols (e.g., FTP).

Tunnel : creates a blind forwarding channel, often used for SSL over HTTP.

Agent : client‑side software that initiates HTTP requests.