Show Menu
Cheatography
  1. Home >
  2. Cheat Sheets >

The HTTP Protocol Cheat Sheet (DRAFT) by

This is a draft cheat sheet. It is a work in progress and is not finished yet.

Web v1

No Authen­tic­ation
No encryption
Sessio­nless

HTTP/0.9

RFC
none
MEthod Supported
GET
Virtual Host Support
none
Responses
HTML only
1 GET = 1 TCP connection

HTTP/1.0

RFC
1945
Methods Supported
GET, HEAD, POST, PUT, DELETE
Responses
HTML, non-HTML (text, binary, images)
Virtual Host Support
none
Released in May '96, first formal HTTP standard. Formalized the misspe­lling of "­ref­err­er".

HTTP/1.1

RFC
2616, later replaced by 7230-7235
Methods Supported
GET, HEAD, POST, PUT, DELETE, OPTION
Virtual Host Support
Yes
Enabled persistent connec­tions. Host header is mandatory.

HTTP/2

Binary Protocol
Improved compre­ssion
Push Promise
Web server sends content without request
Multip­lexed
Requests and responses can be received in parallel
HPACK (RFC 7541)
Header compre­ssion
Encryption
Not required by default
Primary focus is faster perfor­mance.
  

Example HTTP 1.1 Request

GET /search HTTP/1.1

Accept: /

Accept-Language: en-us

User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko

Host: www.google.com

Proxy-Connection: Keep-Alive

Cookies SESSIONID=c953ef6978d4525b35620e9f70234aa9; ANSWER=42;

Content-length: 0
This is a GET request.
The user agent string identifies the type of client software and summarizes its capabi­lities.
The cookie provides one or more state variables previously set by a server on this client.
The payload of this request has no content. Keep in mind the header ends with a blank line.

Example HTTP 1.1 Response

HTTP/1.1 200 OK

Content-Type: text/html;

charset=UTF-8

Server: Apache/2.4.7 (Ubuntu)

Date: Tue, 24 Oct 2017 15:51:10 GMT

Content-length: 6243
The status code is the result of the request.
Server token is the string returned by the web server identi­fying itself.
Server Time is the time stamp based on the server's time and date.
Content Length is the length of the response. The header ends with a blank line.
  

User-Agent

Mozill­a/5.0
Compliant with historical standards
Triden­t/7.0
rv:11.0 Internet Explorer 11.0
Windows NT 10
Windows 10
Windows NT 6.3
Windows 8.1/2012R2
Windows NT 6.2
Windows 8/2012
Windows NT 6.1
Windows 7/2008R2
Windows 6.0
Vista/2008
Web clients, often browsers.

Uniform Resource Identifier (URI)

Made of various pieces in the following order:
Protocol
userna­me:­pas­sword (blocked by modern web browsers)
Host and domain name
Port defaults
Actual resource on that server
Question mark
Often used interc­han­geably with URL

Query String Formats

Typical format
index.p­hp­?id­=42­&n­ame­=Be­ebl­ebrox
Apache's mod_re­write module
index.p­hp­/id­/42­/na­me/­Bee­blebrox
Data parsed by server­-side code
index.p­hp­/id­=42­$na­me=­Bee­blebrox
Data used by an app executed using a system call in the web app
index.p­hp­?pa­ram­=id­:42­&p­ara­m=n­ame­:Be­ebl­ebrox
Used to pass data via URL request, they are determined by the web applic­ation developer and/or the production enviro­nment running the applic­ation.