Methods, status codes, headers, CORS, cookies, and caching — everything in the browser's Network tab explained.
Learn the core concepts of HTTP Deep Dive and apply them in practical exercises.
GET → retrieve a resource (no body) POST → create a resource (has a body) PUT → replace a resource entirely PATCH → partial update DELETE → delete a resource HEAD → like GET but returns only headers OPTIONS → preflight for CORS, returns allowed methods
# 2xx Success 200 OK 201 Created 204 No Content # 3xx Redirect 301 Moved Permanently 302 Found (temporary redirect) 304 Not Modified (use cache) # 4xx Client Error 400 Bad Request 401 Unauthorized (not authenticated) 403 Forbidden (authenticated but not allowed) 404 Not Found 422 Unprocessable Entity (validation failed) 429 Too Many Requests # 5xx Server Error 500 Internal Server Error 502 Bad Gateway 503 Service Unavailable 504 Gateway Timeout
# Request headers Authorization: BearerContent-Type: application/json Accept: application/json Cookie: session=abc123 Origin: https://myfrontend.com # Response headers Content-Type: application/json; charset=utf-8 Set-Cookie: session=abc123; HttpOnly; Secure; SameSite=Lax Access-Control-Allow-Origin: https://myfrontend.com Cache-Control: max-age=3600 X-RateLimit-Remaining: 47
# Browser blocks cross-origin requests by default # Server opts in by sending: Access-Control-Allow-Origin: https://myfrontend.com Access-Control-Allow-Methods: GET, POST, PUT, DELETE Access-Control-Allow-Headers: Content-Type, Authorization # Preflight (OPTIONS) happens first for non-simple requests # curl shows what the browser hides: curl -v -X OPTIONS https://api.example.com/users \ -H 'Origin: https://myfrontend.com'
Before moving on, confirm understanding of these key concepts: