HomeNetworking for DevelopersDay 2
Day 2 of 5
⏱ ~60 minutes
Networking for Developers — Day 2

HTTP Deep Dive

Methods, status codes, headers, CORS, cookies, and caching — everything in the browser's Network tab explained.

HTTP Methods

HTTP Methods
GET     → retrieve a resource (no body)
POST    → create a resource (has a body)
PUT     → replace a resource entirely
PATCH   → partial update
DELETE  → delete a resource
HEAD    → like GET but returns only headers
OPTIONS → preflight for CORS, returns allowed methods
Status Codes
# 2xx Success
200 OK
201 Created
204 No Content

# 3xx Redirect
301 Moved Permanently
302 Found (temporary redirect)
304 Not Modified (use cache)

# 4xx Client Error
400 Bad Request
401 Unauthorized (not authenticated)
403 Forbidden (authenticated but not allowed)
404 Not Found
422 Unprocessable Entity (validation failed)
429 Too Many Requests

# 5xx Server Error
500 Internal Server Error
502 Bad Gateway
503 Service Unavailable
504 Gateway Timeout
Important Headers
# Request headers
Authorization: Bearer 
Content-Type: application/json
Accept: application/json
Cookie: session=abc123
Origin: https://myfrontend.com

# Response headers
Content-Type: application/json; charset=utf-8
Set-Cookie: session=abc123; HttpOnly; Secure; SameSite=Lax
Access-Control-Allow-Origin: https://myfrontend.com
Cache-Control: max-age=3600
X-RateLimit-Remaining: 47
CORS in a nutshell
# Browser blocks cross-origin requests by default
# Server opts in by sending:
Access-Control-Allow-Origin: https://myfrontend.com
Access-Control-Allow-Methods: GET, POST, PUT, DELETE
Access-Control-Allow-Headers: Content-Type, Authorization

# Preflight (OPTIONS) happens first for non-simple requests
# curl shows what the browser hides:
curl -v -X OPTIONS https://api.example.com/users \
  -H 'Origin: https://myfrontend.com'
📝 Day 2 Exercise
Read HTTP Headers
  1. O
  2. p
  3. e
  4. n
  6. b
  7. r
  8. o
  9. w
  10. s
  11. e
  12. r
  14. D
  15. e
  16. v
  17. T
  18. o
  19. o
  20. l
  21. s
  25. N
  26. e
  27. t
  28. w
  29. o
  30. r
  31. k
  33. t
  34. a
  35. b
  36. .
  38. L
  39. o
  40. a
  41. d
  43. a
  45. s
  46. i
  47. t
  48. e
  50. a
  51. n
  52. d
  54. f
  55. i
  56. n
  57. d
  58. :
  60. t
  61. h
  62. e
  64. C
  65. o
  66. n
  67. t
  68. e
  69. n
  70. t
  71. -
  72. T
  73. y
  74. p
  75. e
  77. o
  78. f
  80. t
  81. h
  82. e
  84. H
  85. T
  86. M
  87. L
  89. r
  90. e
  91. s
  92. p
  93. o
  94. n
  95. s
  96. e
  97. ,
  99. t
  100. h
  101. e
  103. S
  104. e
  105. t
  106. -
  107. C
  108. o
  109. o
  110. k
  111. i
  112. e
  114. h
  115. e
  116. a
  117. d
  118. e
  119. r
  120. ,
  122. a
  123. n
  124. y
  126. C
  127. O
  128. R
  129. S
  131. h
  132. e
  133. a
  134. d
  135. e
  136. r
  137. s
  138. ,
  140. a
  141. n
  142. d
  144. a
  146. 3
  147. 0
  148. 4
  150. N
  151. o
  152. t
  154. M
  155. o
  156. d
  157. i
  158. f
  159. i
  160. e
  161. d
  163. r
  164. e
  165. s
  166. p
  167. o
  168. n
  169. s
  170. e
  172. (
  173. r
  174. e
  175. l
  176. o
  177. a
  178. d
  180. t
  181. h
  182. e
  184. p
  185. a
  186. g
  187. e
  188. )
  189. .

Day 2 Summary

  • GET = read. POST = create. PUT = replace. PATCH = update. DELETE = remove. Use them correctly.
  • 401 = not logged in. 403 = logged in but not allowed. 404 = not found. 500 = server broke.
  • CORS: browsers block cross-origin requests unless the server explicitly allows them.
  • Cache-Control: max-age=3600 tells the browser to cache for 1 hour. 304 = use the cached version.
← Previous
Day 1: How the Internet Works
Next →
Day 3: TCP/IP and Ports
Finished this lesson?