HTTP guides
This page lists guides for HTTP. They're intended to help you understand what kinds of things are possible using the HTTP protocol.
- A typical HTTP session
In client-server protocols, like HTTP, sessions consist of three phases:
- Browser detection using the user agent string (UA sniffing)
Along with every request to a server, browsers include a
User-AgentHTTP header with a value called a user agent (UA) string. This string is intended to identify the browser, its version number, and its host operating system.- Compression Dictionary Transport
Compression Dictionary Transport is a way of using a shared compression dictionary to dramatically reduce the transport size of HTTP responses.
- Compression in HTTP
Compression is an important way to increase the performance of a website. For some documents, size reduction of up to 70% lowers the bandwidth capacity needs. Over the years, algorithms also got more efficient, and new ones are supported by clients and servers.
- Connection management in HTTP/1.x
Connection management is a key topic in HTTP: opening and maintaining connections largely impacts the performance of websites and Web applications. In HTTP/1.x, there are several models: short-lived connections, persistent connections, and HTTP pipelining.
- Content negotiation
In HTTP, content negotiation is the mechanism that is used for serving different representations of a resource to the same URI to help the user agent specify which representation is best suited for the user (for example, which document language, which image format, or which content encoding).
- Content Security Policy (CSP)
Content Security Policy (CSP) is a feature that helps to prevent or minimize the risk of certain types of security threats. It consists of a series of instructions from a website to a browser, which instruct the browser to place restrictions on the things that the code comprising the site is allowed to do.
- Cross-Origin Resource Policy (CORP)
Cross-Origin Resource Policy is a policy set by the
Cross-Origin-Resource-PolicyHTTP header that lets websites and applications opt in to protection against certain requests from other origins (such as those issued with elements like