HTTP, the HyperText Transfer Protocol, is the set of rules browsers and servers use to request and send web pages and data. When you open a page, your browser sends an HTTP request to a server, and the server sends back an HTTP response containing the page or data. Every click, image load, and API call on the web follows this same request-then-response pattern. It is the language the web speaks. This explainer covers how a request works, the main methods, what status codes mean, and how HTTP relates to HTTPS.
How an HTTP exchange works
An HTTP exchange has two halves. The client sends a request that names a method (what it wants to do), a URL (what resource), headers (extra information like the content type), and sometimes a body (data being sent). The server processes it and returns a response with a status code (what happened), its own headers, and usually a body (the page or data). Before any of this, the browser uses DNS to resolve the domain name into the server address it connects to.
HTTP methods
| Method |
Intent |
Typical use |
| GET |
Read data |
Load a page or fetch a record |
| POST |
Create or submit |
Submit a form, create a record |
| PUT |
Replace |
Update an entire resource |
| PATCH |
Modify partly |
Update some fields |
| DELETE |
Remove |
Delete a resource |
These methods are the backbone of how web APIs are designed. A well-built REST API maps these methods onto reading and changing resources in a predictable way.
HTTP status codes
The server answers every request with a three-digit status code, and the first digit tells you the category:
// status code families at a glance
2xx -- success (200 OK, 201 Created)
3xx -- redirect (301 Moved, 304 Not Modified)
4xx -- client error (404 Not Found, 403 Forbidden)
5xx -- server error (500 Internal, 503 Unavailable)
When something breaks, the status code is your first clue. A 4xx means your request was wrong; a 5xx means the server failed. Learning the common ones saves hours of guessing.
How to think about it
- Picture the round trip. Client requests, server responds, every single time.
- Match method to intent. Use GET to read and POST to create rather than overloading one method.
- Read the status code first. It narrows a problem to client side or server side instantly.
- Notice headers. Content type, caching, and authentication all ride in headers.
- Move to HTTPS for anything real. Plain HTTP sends data in the clear.
What to skip
- Do not obsess over protocol versions early. Understand the request-response model before HTTP/2 and HTTP/3 details.
- Do not send sensitive data over plain HTTP. It is unencrypted; use HTTPS.
- Do not misuse GET for changes. GET should read, not create or modify, or caching and crawlers will surprise you.
- Do not ignore status codes in your own APIs. Returning the right code makes clients far easier to build.
FAQ
What does HTTP stand for?
HyperText Transfer Protocol. It is the rule set that browsers and servers use to exchange web pages and data through requests and responses.
What is the difference between HTTP and HTTPS?
HTTPS is HTTP with encryption added, so the data exchanged cannot be read or tampered with in transit. Modern sites should use HTTPS.
What does a 404 mean?
It is an HTTP status code meaning the requested resource was not found on the server. It is a client-side category error, the 4xx family.
Is HTTP only for web pages?
No. It also carries API data, images, scripts, and more. Many applications talk to servers over HTTP without ever showing a traditional web page.
Where to go next
Add encryption with what HTTPS is, see how names resolve before a request with DNS, and learn how APIs use HTTP methods in what a REST API is.