An HTTP message serves as the foundational unit of communication on the modern web, carrying instructions and data between clients and servers. Every time a user loads a webpage, an application fetches remote data, or a browser submits a form, these structured packets of information travel across the network. Understanding their composition reveals how stateless requests trigger stateful actions and how headers govern everything from caching to security.
Structure of an HTTP Message
At a high level, an HTTP message consists of a start-line, a set of headers, and an optional body. The start-line differs depending on whether the message is a request or a response, defining the method, target, and protocol version for requests, or the status code and reason phrase for responses. Headers provide metadata in a simple key-value format, controlling content type, length, authentication, and caching behavior. The body, when present, carries the actual payload, such as an HTML document, JSON payload, or uploaded file.
HTTP Request Messages
A request message begins with a request line that specifies the method, such as GET, POST, or DELETE, the request target, often a URL, and the HTTP version. Method semantics dictate behavior: GET retrieves representations safely, POST submits data for processing, and PUT or PATCH update resources idempotently or not. Headers like Host, User-Agent, and Accept guide the server in selecting appropriate responses, while cookies and authorization tokens maintain context across discrete transactions.
Common Request Methods and Headers
GET: Retrieves data without altering server state, typically cacheable.
POST: Submits data to the server, often causing state changes on the backend.
PUT: Replaces a target resource with the request body, idempotent by design.
DELETE: Removes the specified resource, subject to server configuration.
Headers such as Content-Type and Content-Length define the body format and size.
Authorization and Cookie headers preserve security context and session continuity.
HTTP Response Messages
After receiving and processing a request, a server sends a response message. The status line includes a three-digit status code that categorizes the outcome, such as 200 for success, 404 for not found, or 500 for server errors. Response headers describe the returned representation, including Content-Type, Content-Length, and caching directives like Cache-Control. The body may contain an HTML page, an error message, or binary data, depending on the request and server capabilities.
Status Code Classes and Semantics
1xx informational responses indicate early stages of the process, such as Continue.
2xx success codes confirm that the request was received, understood, and accepted.
3xx redirection codes instruct the client to take further action to fulfill the request.
4xx client errors signal issues with the request, such as malformed syntax or missing permissions.
5xx server errors indicate that the server failed to fulfill a valid request due to overload or misconfiguration.
Message Headers and Their Roles
Headers are the control plane of HTTP, carrying instructions that govern caching, compression, redirection, and security policies. General headers apply to both requests and responses, while request and response headers provide context specific to a direction. Representation headers describe the body, and entity headers detail metadata about stored representations, including last modification times and content encodings.
Critical Headers for Performance and Security
Cache-Control dictates freshness, revalidation, and storage rules for intermediaries.
Content-Security-Policy mitigates injection attacks by restricting resource sources.
Strict-Transport-Security enforces secure connections over HTTPS.
