1. Library
  2. Http and the Web
  3. Fundamentals

What Is HTTP and How Does It Work?

Updated 10 hours ago

The web is a conversation. Every page you've ever seen started with your browser asking a question and a server answering it.

That conversation follows a protocol—HTTP, the HyperText Transfer Protocol. It's the language browsers and servers speak to exchange web pages, images, videos, and data. Understanding HTTP means understanding how the web actually works: not as magic, but as a remarkably simple dialogue repeated billions of times per day.

What HTTP Actually Does

HTTP defines how to ask for things and how to respond. That's it. A client (your browser) sends a request: "Give me the page at /about." A server sends a response: "Here it is" or "I couldn't find that" or "You're not allowed to see this."

Tim Berners-Lee created HTTP in 1989 as part of the original World Wide Web. The protocol has evolved through several versions, but the core remains unchanged: request, response, done.

HTTP runs on top of TCP, which handles the messy work of actually delivering data across the Internet. When you add TLS encryption, HTTP becomes HTTPS—the secure version that protects your communication from eavesdroppers. But the conversation itself stays the same.

The Anatomy of a Request

When you click a link, your browser constructs an HTTP request with three parts:

The request line states what you want: the method (GET to retrieve something, POST to submit something), the path (/products/shoes), and the HTTP version.

Headers provide context: what content types your browser understands, what language you prefer, whether you're logged in, which page referred you here.

The body carries data when you're sending something—form submissions, file uploads, API calls. GET requests typically don't have bodies; POST requests usually do.

A real request might look like this:

GET /articles/http HTTP/1.1
Host: connected.app
Accept: text/html
Accept-Language: en-US

Four lines. That's all it takes to ask for a webpage.

The Anatomy of a Response

The server's response mirrors this structure:

The status line announces the outcome: HTTP version, a three-digit status code, and a human-readable message. You've seen these codes—200 means success, 404 means not found, 500 means the server broke.

Headers describe what's coming: content type, size, caching rules, when it was last modified.

The body contains the actual content—HTML, JSON, an image, whatever you asked for.

HTTP/1.1 200 OK
Content-Type: text/html
Content-Length: 4523

<!DOCTYPE html>...

Request, response, conversation complete.

The Goldfish Protocol

HTTP is stateless—it has the memory of a goldfish. Every request arrives as if it's the first time you've ever met. The server doesn't remember you clicked "Add to Cart" three seconds ago.

This sounds like a design flaw. It's actually a superpower.

Statelessness means servers don't need to track millions of ongoing conversations. Any server can handle any request. If one server crashes, another picks up seamlessly. The protocol stays simple, fast, and scalable.

But the web needs memory. Shopping carts, logins, preferences—these require knowing who you are across multiple requests. So we built memory on top of the goldfish:

Cookies are small pieces of data servers ask browsers to remember and send back with future requests. "Here's a session ID—include it next time so I know it's you."

Sessions connect those cookies to server-side storage. The cookie says "user-12345"; the server looks up what user-12345 has in their cart.

Tokens encode information directly, so servers can verify your identity without looking anything up.

HTTP stays stateless. Everything built on top adds just enough state to be useful.

Methods Mean Things

HTTP methods aren't arbitrary—they carry semantic meaning:

GET retrieves without changing anything. Safe to repeat, safe to cache, safe to prefetch. When you load a page, your browser sends GET requests for HTML, CSS, JavaScript, images—everything needed to display it.

POST submits data and may change things. Creating accounts, posting comments, processing payments. Not safe to repeat blindly—refreshing a POST might submit your order twice.

PUT replaces a resource entirely. PATCH modifies it partially. DELETE removes it.

HEAD asks for headers only, without the body—useful for checking if something changed without downloading it again.

OPTIONS asks what methods are allowed—important when JavaScript from one domain wants to talk to another.

Browsers and servers use these semantics to make smart decisions. GET responses can be cached aggressively. POST requests need confirmation before retry. The meaning is in the method.

The Layers Beneath

HTTP doesn't deliver itself. It hands messages to TCP, which breaks them into packets, sends them across the Internet, reassembles them in order, and retransmits anything that gets lost. HTTP just writes and reads; TCP handles the journey.

For HTTPS, TLS sits between HTTP and TCP. Before any HTTP conversation begins, client and server perform a TLS handshake: verify identity through certificates, agree on encryption, exchange keys. Then every HTTP message gets encrypted before TCP touches it and decrypted on arrival.

This layering is elegant. HTTP focuses on conversation structure. TLS provides security. TCP ensures reliability. Each layer does one job well, and they combine into something more powerful than any could be alone.

What Happens When You Load a Page

You type a URL and press Enter. Here's the conversation that follows:

  1. Your browser asks DNS for the server's IP address
  2. It opens a TCP connection (plus TLS handshake for HTTPS)
  3. It sends a GET request for the HTML document
  4. The server responds with HTML
  5. Your browser parses the HTML and discovers it needs CSS, JavaScript, images
  6. It sends parallel GET requests for each resource
  7. As responses arrive, it applies CSS, executes JavaScript, displays images
  8. JavaScript might trigger more requests for data
  9. The page renders complete

A "simple" webpage might involve 50-100 HTTP requests. A complex web application, hundreds. Each one follows the same pattern: request, response, done.

Key Takeaways

HTTP is a conversation protocol—clients ask, servers answer. Its stateless design provides scalability while cookies and sessions add the memory web applications need. Methods carry semantic meaning that enables caching, security, and optimization. TCP delivers the messages reliably; TLS encrypts them securely. Every webpage you've ever loaded was assembled from dozens or hundreds of these simple exchanges, each one following the same request-response pattern HTTP has used since 1989.

The protocol is almost absurdly simple. That simplicity is why it scaled to become the foundation of the modern web.

Frequently Asked Questions About HTTP

Was this page helpful?

😔
🤨
😃
What Is HTTP and How Does It Work? • Library • Connected