Request and Response: The Basic Exchange
Every HTTP interaction follows the same pattern: a client sends a request, a server sends a response. Your browser is the client. When you type a URL and press enter, the browser constructs an HTTP request and sends it to the web server at that address. The server processes it and sends back an HTTP response containing the resource — typically an HTML document, a JSON payload, an image, or a file.
An HTTP request has three parts: a request line (the method, the path, and the HTTP version), headers (key-value pairs providing metadata), and an optional body (for requests that send data). An HTTP response has a status line (the version and a numeric status code), headers, and a body containing the actual content.
For example, loading a web page might produce this minimal request:
GET /index.html HTTP/1.1
Host: example.com
Accept: text/htmlAnd the server might respond with 200 OK followed by headers and the HTML content. This exchange happens dozens or hundreds of times per page load — once for the HTML, then again for each stylesheet, script, image, and API call the page requires.
HTTP Methods
HTTP defines a set of methods (sometimes called verbs) that tell the server what action to perform on a resource:
| Method | Purpose | Has Body |
|---|---|---|
GET | Retrieve a resource | No |
POST | Submit data to create or trigger an action | Yes |
PUT | Replace a resource entirely | Yes |
DELETE | Remove a resource | No |
PATCH | Partially update a resource | Yes |
HEAD | Retrieve headers only, no body | No |
OPTIONS | Describe what methods the server supports | No |
GET is by far the most common. It retrieves resources without modifying anything on the server — it is "safe" in HTTP terminology. POST submits data, such as a form submission or an API call that creates a record. PUT and PATCH update existing resources, and DELETE removes them. HEAD is useful for checking whether a resource exists or has been modified without downloading its full content.
Status Codes
Every HTTP response includes a three-digit status code that tells the client what happened. The first digit indicates the category:
| Range | Meaning | Examples |
|---|---|---|
1xx | Informational — request received, continuing | 100 Continue, 101 Switching Protocols |
2xx | Success — request understood and fulfilled | 200 OK, 201 Created, 204 No Content |
3xx | Redirection — further action needed | 301 Moved Permanently, 302 Found, 304 Not Modified |
4xx | Client error — bad request from the client | 400 Bad Request, 401 Unauthorized, 403 Forbidden, 404 Not Found |
5xx | Server error — server failed to fulfill a valid request | 500 Internal Server Error, 502 Bad Gateway, 503 Service Unavailable |
Understanding status codes helps diagnose problems immediately. A 404 means the URL is wrong or the content was removed — a client-side problem. A 500 means the server crashed processing a valid request — a server-side problem. A 301 tells your browser to update its bookmark permanently; a 302 is a temporary redirect.
HTTP Headers
Headers carry metadata that neither the URL nor the body captures. Request headers tell the server about the client and what it wants. Response headers tell the client how to handle the response. Both can carry security directives, caching instructions, and authentication tokens.
Common request headers include Host (required in HTTP/1.1 — the domain name being requested), Accept (what content types the client can handle), Authorization (credentials for authenticated requests), Cookie (session data sent back to the server), and User-Agent (a string identifying the browser and OS).
Common response headers include Content-Type (what kind of data is in the body — text/html, application/json, image/webp), Cache-Control (how long the client can cache the response), Set-Cookie (storing a cookie in the browser), and Location (the redirect target for 3xx responses). Security headers like Strict-Transport-Security and Content-Security-Policy are also delivered as response headers.
Why HTTP Is Stateless (and What That Means)
HTTP is stateless by design: each request is completely independent. The server does not remember anything about previous requests from the same client. When your browser loads a page and then clicks a link, the second request carries no built-in memory of the first. The server treats it as if it has never seen you before.
This design was intentional. Stateless servers are simpler to scale — any server can handle any request, because no session state is stored on the server itself. But web applications need state — you need to stay logged in between page loads, keep items in a shopping cart, and remember your preferences.
Applications solve this by attaching state identifiers to every request. Cookies are the oldest mechanism: the server sends a Set-Cookie header on the first response, and the browser sends that cookie back with every subsequent request to the same domain. The server maps the cookie value to a session record in its own database. Modern APIs often use bearer tokens in the Authorization header instead. In both cases, HTTP itself remains stateless — the illusion of continuity is created by the application layer on top.
Frequently Asked Questions
What does HTTP stand for?
HTTP stands for HyperText Transfer Protocol. It is the application-layer protocol used to transfer web pages, API data, images, and other resources between browsers and web servers. HTTP was first defined by Tim Berners-Lee at CERN in 1989 and has evolved through three major versions.
What is the most common HTTP method?
GET is the most common HTTP method. It is used to request a resource from a server without modifying anything. Every time you load a web page or click a link, your browser sends a GET request. GET requests have no request body and their parameters are passed in the URL query string.
What does a 404 error mean?
A 404 status code means "Not Found" — the server understood the request but could not find the requested resource at that URL. It does not mean the server is down; it means the specific page or file does not exist or has been moved. A 404 is a client error (4xx range) because the client requested a URL that does not exist.
What is an HTTP header?
An HTTP header is a key-value pair sent in a request or response that provides metadata about the message. Request headers tell the server about the client (Accept-Language, User-Agent, Authorization). Response headers tell the client about the response (Content-Type, Cache-Control, Set-Cookie). Headers appear as plain text before the message body.
What is the difference between GET and POST?
GET retrieves a resource and sends any parameters in the URL. It has no request body, is safe (does not change server state), and is idempotent (repeating it has the same effect). POST submits data to the server in the request body and is used for creating resources, submitting forms, or triggering actions that change server state. POST is neither safe nor idempotent.
What does stateless mean in HTTP?
Stateless means each HTTP request is independent — the server retains no memory of previous requests from the same client. Every request must include all the information the server needs to respond. To maintain state across requests (for logins, shopping carts), applications use cookies, session tokens, or server-side session stores referenced in each request.