Tutorials

Learn how to use HTTP with guides and tutorials.

Overview of HTTP: The basic features of the client-server protocol: what it can do and its intended uses.
HTTP Cache: Caching is very important for fast Web sites. This article describes different methods of caching and how to use HTTP Headers to control them.
HTTP Cookies: How cookies work is defined by RFC 6265. When serving an HTTP request, a server can send a Set-Cookie HTTP header with the response. The client then returns the cookie's value with every request to the same server in the form of a Cookie request header. The cookie can also be set to expire on a certain date, or restricted to a specific domain and path.
HTTP Access Control (CORS): Cross-site HTTP requests are HTTP requests for resources from a different domain than the domain of the resource making the request. For instance, an HTML page from Domain A (http://domaina.example/) makes a request for an image on Domain B (http://domainb.foo/image.jpg) via the img element. Web pages today very commonly load cross-site resources, including CSS stylesheets, images, scripts, and other resources. CORS allows web developers to control how their site reacts to cross-site requests.

Evolution of HTTP: A brief description of the changes between the early versions of HTTP, to the modern HTTP/2 and beyond.
Mozilla web security guidelines: A collection of tips to help operational teams with creating secure web applications.

HTTP Messages: Describes the type and structure of the different kind of messages of HTTP/1.x and HTTP/2.
A typical HTTP session: Shows and explains the flow of a usual HTTP session.
Connection management in HTTP/1.x: Describes the three connection management models available in HTTP/1.x, their strengths, and their weaknesses.

Reference

Browse through detailed HTTP reference documentation.

HTTP Headers: HTTP message headers are used to describe a resource, or the behavior of the server or the client. Custom proprietary headers can be added using the X- prefix; others in an IANA registry, whose original content was defined in RFC 4229. IANA also maintains a registry of proposed new HTTP message headers.
HTTP Request Methods: The different operations that can be done with HTTP: {{HTTPMethod("GET")}}, {{HTTPMethod("POST")}}, and also less common requests like {{HTTPMethod("OPTIONS")}}, {{HTTPMethod("DELETE")}}, or {{HTTPMethod("TRACE")}}.
HTTP Status Response Codes: HTTP response codes indicate whether a specific HTTP request has been successfully completed. Responses are grouped in five classes: informational responses, successful responses, redirections, client errors, and servers errors.
CSP directives: The {{HTTPHeader("Content-Security-Policy")}} response header fields allows web site administrators to control resources the user agent is allowed to load for a given page. With a few exceptions, policies mostly involve specifying server origins and script endpoints.

Helpful tools and resources for understanding and debugging HTTP.

Firefox Developer Tools: Network monitor
Mozilla Observatory: A project designed to help developers, system administrators, and security professionals configure their sites safely and securely.
RedBot: Tools to check your cache-related headers
How Browsers Work: A very comprehensive article on browser internals and request flow through HTTP protocol. A MUST-READ for any web developer.