Networking Fundamentals: HTTP Status Codes, Redirect vs Forward, TCP/UDP Differences, OSI Model, GET vs POST, and Cross‑Origin Techniques

79. What do HTTP response codes 301 and 302 represent and how do they differ? Both 301 and 302 are HTTP status codes indicating that a URL has moved. 301 means a permanent move (Permanently Moved), while 302 indicates a temporary move (Temporarily Moved).

80. Difference between forward and redirect? Forward (server‑side forward) is a direct request transfer where the client sends a single request and the server internally forwards it to another resource, sharing the same request object. Redirect is an indirect transfer that involves two HTTP requests: the server responds to the first request with a location header, causing the browser to issue a second request to a different URL.

81. Briefly describe the differences between TCP and UDP.

TCP is connection‑oriented, providing reliable, ordered delivery with error checking, retransmission, flow control, and higher resource consumption.

UDP is connection‑less, offering best‑effort delivery without guarantees, lower latency, and lower resource usage, suitable for real‑time or broadcast communication.

TCP supports one‑to‑one communication; UDP supports one‑to‑one, one‑to‑many, many‑to‑one, and many‑to‑many patterns.

82. Why does TCP require a three‑way handshake? The three‑way handshake allows both sides to exchange initial sequence numbers and confirm receipt, ensuring reliable data transfer. With only two handshakes, only the initiator’s sequence number would be confirmed, leaving the responder’s number unverified.

83. How does TCP packet sticking (sticky packets) occur? Sticky packets can be generated on the sender side when the Nagle algorithm merges small packets into a larger one before transmission, or on the receiver side when the application reads data slower than it arrives, causing multiple logical messages to be concatenated in the receive buffer.

84. The seven layers of the OSI model.

Application Layer – interface for network services and end users.

Presentation Layer – data representation, encryption, compression.

Session Layer – establishing, managing, terminating sessions.

Transport Layer – defines protocols, ports, flow control, error checking.

Network Layer – logical addressing and routing between networks.

Data Link Layer – logical link establishment, hardware addressing, error detection.

Physical Layer – creation, maintenance, and termination of physical connections.

85. Differences between GET and POST requests.

GET is safe for browser back navigation; POST may resubmit.

GET URLs can be bookmarked; POST cannot.

GET responses can be cached automatically; POST is not cached unless configured.

GET parameters are URL‑encoded; POST supports multiple encodings.

GET parameters appear in browser history; POST parameters do not.

GET URLs have length limits; POST does not.

GET only accepts ASCII characters; POST has no such restriction.

GET exposes parameters in the URL, making it less secure for sensitive data.

GET sends parameters in the URL; POST places them in the request body.

86. How to achieve cross‑origin requests?

Various methods are described:

Method 1 – Image ping or script tag: Using an <img> or <script> element to load resources from another domain (JSONP relies on the script tag).

Method 2 – JSONP: The server returns JavaScript that calls a callback function; the client loads it via a <script> tag. Limitations: only GET, no error callbacks, security concerns.

Method 3 – CORS: Server adds response headers such as:

Access-Control-Allow-Origin: *

Access-Control-Allow-Methods: POST, GET, OPTIONS

Access-Control-Allow-Headers: X-PINGOTHER, Content-Type

Access-Control-Max-Age: 86400

To include credentials, also send: Access-Control-Allow-Credentials: true and set withCredentials on the XHR.

Method 4 – window.name + iframe: Load a cross‑origin page in a hidden iframe, have that page set window.name with data, then read the value from the parent after navigation.

Method 5 – window.postMessage(): Use HTML5 postMessage to exchange messages between windows/iframes across origins. Example code is provided for setting, getting, and removing items in localStorage via postMessage.

Method 6 – document.domain (sub‑domain sharing): Set document.domain to a common parent domain for pages that share the same base domain.

Method 7 – WebSocket: WebSocket protocol allows full‑duplex communication and can bypass same‑origin restrictions.

Method 8 – Proxy server: Route requests through a same‑origin server that forwards them to the target domain.

87. JSONP implementation principle. JSONP works by dynamically creating a <script> tag whose src points to a cross‑origin URL that returns JavaScript code invoking a predefined callback function, thereby delivering data across domains.