HTTP Cheat Sheet

Resources

• HTTP Reference from Mozilla
• You should definitely use the Firefox Network Monitor or the Chrome Developer Tools to view the HTTP requests sent and received by your web browser.

HTTP Messages

HTTP is a text-based protocol. All messages sent through it are regular text strings.

An HTTP message, be it a request or a response, is structured as follows:

Start line
Headers

Body

New lines should be formatted with the special characters \r\n, and the body is separated from the headers by an empty line.

HTTP Requests

HTTP requests (from a client to the server) have a start line with the following format:

METHOD URI HTTP_version

• Method is one of GET, POST, PUT, etc…
• URI is the address of the object requested. The URI can be:
  • A complete URL, e.g.,
    https://de.wikipedia.org/wiki/Hypertext_Transfer_Protocol
  • An absolute path, e.g.,
    /wiki/Hypertext_Transfer_Protocol
  • It can also be completed with a query string: a set of key=value queries separated from the URL/path by a ? and from each other by an &, e.g.,
    https://de.wikipedia.org/w/index.php?go=Artikel&search=test+search
• HTTP_version is the version of the HTTP protocol used, e.g., HTTP/1.1

Here are a couple examples of request start lines:

• GET /index.html HTTP/1.1
• POST / HTTP/1.1

Depending on the method, the body may be empty, e.g., for GET requests.

Note

The headers will be described later on.

Here is an example of a request sent by Firefox to open the home page of Wikipedia (without the cookies):

GET / HTTP/2
Host: de.wikipedia.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/png,image/svg+xml,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br, zstd
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
Priority: u=0, i

HTTP Response

HTTP responses are sent by the server to clients to reply to their requests. Their start line use the following format:

HTTP_version STATUS_CODE STATUS_TEXT

• HTTP_version is the version of the HTTP protocol used, e.g., HTTP/1.1
• STATUS_CODE is an integer indicating the success or failure of the request, e.g., 200, 403, 404
• STATUS_TEXT is a text string briefly detailing the status code for humans, e.g., "Not Found"

Here are a couple of examples of response start lines:

• HTTP/1.1 404 Not Found
• HTTP/1.1 200 OK
• HTTP/1.1 403 Forbidden

The body of a response is usually not empty, and contains the object asked in the request, e.g., the content of the web page in HTML.

Note

The headers will be described later on.

Here is the (partial) response from the server hosting Wikipedia to the Firefox request above:

HTTP/2 301 
date: Tue, 17 Sep 2024 14:18:58 GMT
server: mw-web.eqiad.canary-6b9cbdf457-58twc
x-content-type-options: nosniff
vary: Accept-Encoding,X-Forwarded-Proto,Cookie,Authorization
cache-control: s-maxage=1200, must-revalidate, max-age=0
last-modified: Tue, 17 Sep 2024 14:18:58 GMT
location: https://de.wikipedia.org/wiki/Wikipedia:Hauptseite
content-length: 0
content-type: text/html; charset=UTF-8
age: 1135
x-cache: cp3073 miss, cp3073 hit/884
x-cache-status: hit-front
server-timing: cache;desc="hit-front", host;desc="cp3073"
strict-transport-security: max-age=106384710; includeSubDomains; preload
report-to: { "group": "wm_nel", "max_age": 604800, "endpoints": [{ "url": "https://intake-logging.wikimedia.org/v1/events?stream=w3c.reportingapi.network_error&schema_uri=/w3c/reportingapi/network_error/1.0.0" }] }
nel: { "report_to": "wm_nel", "max_age": 604800, "failure_fraction": 0.05, "success_fraction": 0.0}
set-cookie: NetworkProbeLimit=0.001;Path=/;Secure;SameSite=Lax;Max-Age=3600
X-Firefox-Spdy: h2

<!DOCTYPE html>
<html class="client-nojs" lang="de" dir="ltr">
<head>
<meta charset="UTF-8">
<title>Wikipedia – Die freie Enzyklopädie</title>
<script>(function(){var className="client-js";var cookie=document.cookie.match(/(?:^|; )dewikimwclientpreferences=([^;]+)/);if(cookie){cookie[1].split('%2C').forEach(function(pref){className=className.replace(new RegExp('(^| )'+pref.replace(/-clientpref-\w+$|[^\w-]+/g,'')+'-clientpref-\\w+( |$)'),'$1'+pref+'$2');});}document.documentElement.className=className;}());RLCONF={"wgBreakFrames":false,"wgSeparatorTransformTable":[",\t.",".\t,"],"wgDigitTransformTable":["",""],"wgDefaultDateFormat":"dmy","wgMonthNames":["","Januar","Februar","März","April","Mai","Juni","Juli","August","September","Oktober","November","Dezember"],"wgRequestId":"0ba916d0-73cc-4356-a9c4-8a35a4011354","wgCanonicalNamespace":"Project","wgCanonicalSpecialPageName":false,"wgNamespaceNumber":4,"wgPageName":"Wikipedia:Hauptseite","wgTitle":"Hauptseite","wgCurRevisionId":247114458,"wgRevisionId":247114458,"wgArticleId":5248757,"wgIsArticle":true,"wgIsRedirect":false,"wgAction":"view","wgUserName":null,"wgUserGroups":["*"],
"wgCategories":["MediaWiki:Gadget/Hauptseite","MediaWiki:Gadget/Suchfokus-Hauptseite","Wikipedia:Hauptseite"],"wgPageViewLanguage":"de","wgPageContentLanguage":"de","wgPageContentModel":"wikitext","wgRelevantPageName":"Wikipedia:Hauptseite","wgRelevantArticleId":5248757,"wgIsProbablyEditable":false,"wgRelevantPageIsProbablyEditable":false,"wgRestrictionEdit":["sysop"],"wgRestrictionMove":["sysop"],"wgIsMainPage":true,"wgNoticeProject":"wikipedia","wgCiteReferencePreviewsActive":true,"wgFlaggedRevsParams":{"tags":{"accuracy":{"levels":1}}},"wgMediaViewerOnClick":true,"wgMediaViewerEnabledByDefault":true,"wgPopupsFlags":4,"wgVisualEditor":{"pageLanguageCode":"de","pageLanguageDir":"ltr","pageVariantFallbacks":"de"},"wgMFDisplayWikibaseDescriptions":{"search":true,"watchlist":true,"tagline":true,"nearby":true},"wgWMESchemaEditAttemptStepOversample":false,"wgWMEPageLength":900,"wgULSCurrentAutonym":"Deutsch","wgRelatedArticlesCompat":[],"wgCentralAuthMobileDomain":false,
"wgEditSubmitButtonLabelPublish":true,"wgDiscussionToolsFeaturesEnabled":{"replytool":true,"newtopictool":true,"sourcemodetoolbar":true,"topicsubscription":false,"autotopicsub":false,"visualenhancements":false,"visualenhancements_reply":false,"visualenhancements_pageframe":false},"wgDiscussionToolsFallbackEditMode":"visual","wgULSPosition":"interlanguage","wgULSisCompactLinksEnabled":true,"wgVector2022LanguageInHeader":false,"wgULSisLanguageSelectorEmpty":false,"wgWikibaseItemId":"Q5296","wgCheckUserClientHintsHeadersJsApi":["architecture","bitness","brands","fullVersionList","mobile","model","platform","platformVersion"],"GEHomepageSuggestedEditsEnableTopics":true,"wgGETopicsMatchModeEnabled":false,"wgGEStructuredTaskRejectionReasonTextInputEnabled":false,"wgGELevelingUpEnabledForUser":false};RLSTATE={"ext.gadget.citeRef":"ready","ext.gadget.defaultPlainlinks":"ready","ext.gadget.dewikiCommonHide":"ready","ext.gadget.dewikiCommonLayout":"ready","ext.gadget.dewikiCommonStyle":"ready",
"ext.gadget.Hauptseite":"ready","ext.gadget.NavFrame":"ready","ext.globalCssJs.user.styles":"ready","site.styles":"ready","user.styles":"ready","ext.globalCssJs.user":"ready","user":"ready","user.options":"loading","ext.discussionTools.init.styles":"ready","oojs-ui-core.styles":"ready","oojs-ui.styles.indicators":"ready","mediawiki.widgets.styles":"ready","oojs-ui-core.icons":"ready","skins.vector.styles.legacy":"ready","ext.visualEditor.desktopArticleTarget.noscript":"ready","codex-search-styles":"ready","ext.uls.interlanguage":"ready","ext.wikimediaBadges":"ready"};RLPAGEMODULES=["site","mediawiki.page.ready","skins.vector.legacy.js","ext.centralNotice.geoIP","ext.centralNotice.startUp","ext.gadget.easyNewSection","ext.gadget.WikiMiniAtlas","ext.gadget.OpenStreetMap","ext.gadget.CommonsDirekt","ext.gadget.donateLink","ext.gadget.Hauptseite-Sprachen","ext.urlShortener.toolbar","ext.centralauth.centralautologin","mmv.head","mmv.bootstrap.autostart","ext.popups",
"ext.visualEditor.desktopArticleTarget.init","ext.visualEditor.targetLoader","ext.echo.centralauth","ext.discussionTools.init","ext.eventLogging","ext.wikimediaEvents","ext.navigationTiming","ext.uls.interface","ext.cx.eventlogging.campaigns","ext.checkUser.clientHints","wikibase.sidebar.tracking"];</script>
<script>(RLQ=window.RLQ||[]).push(function(){mw.loader.impl(function(){return["user.options@12s5i",function($,jQuery,require,module){mw.user.tokens.set({"patrolToken":"+\\","watchToken":"+\\","csrfToken":"+\\"});
}];});});</script>
<------- CUT HERE ------->

HTTP Response Status

You can find a list of response status codes and their meaning on this page.

HTTP Headers

HTTP headers contain a set of key: value elements separated by a newline. Most are optional, but they greatly help clients and server process the requests and responses.

Here is a list of some headers that you might want to implement:

• Server: The name of the web server application, e.g., Apache
• Content-Length: The length of the body in bytes, used when the body is not empty
• Content-Type: The type of the data contained in the body, e.g., text/html
• Content-Language: THe language code of the page, e.g, de or en
• Connection: Specifies whether the connection should be closed after the current transaction or kept alive, i.e., close or keep-alive
• Host: Host and port number of the server to which the request is sent in the format <host>:<port>. This header is mandatory in requests.

You can find the complete list of header on this page.

You can find example headers in the requests previously featured in this cheat sheet.