Site Updates
Changelog
Recent additions and updates — new guides, comparisons, reference pages, and content improvements. Updated as new content is published.
February 2026
301 vs 302 Redirects
Understand the difference between 301 Moved Permanently and 302 Found redirects. Learn when to use each, how browsers cache them, and their SEO implications.
304 Not Modified vs 200 OK
Understand when servers return 304 Not Modified instead of 200 OK. Learn how conditional requests, ETags, and Last-Modified headers enable efficient HTTP caching.
401 vs 403: Authentication vs Authorization
Understand the difference between 401 Unauthorized and 403 Forbidden. Learn when each status code applies, common mistakes, and how to use them correctly in APIs.
Cookie-Based vs Session-Based Authentication
Compare cookie-based and session-based authentication. Understand where state lives, security tradeoffs, scalability implications, and when to use each approach.
CORS vs CSP
Understand the difference between CORS and Content Security Policy. Both are browser security mechanisms but they protect against completely different threats.
GET vs POST
Understand the fundamental differences between GET and POST HTTP methods. Learn about safety, idempotency, caching, request bodies, and when to use each.
HTTP/1.1 vs HTTP/2
Compare HTTP/1.1 and HTTP/2. Understand multiplexing, header compression, server push, and when upgrading to HTTP/2 actually improves performance.
Permissions-Policy vs Feature-Policy
Understand the differences between Permissions-Policy and Feature-Policy headers. Compare syntax changes for geolocation, microphone, camera directives and learn how to migrate.
PUT vs PATCH
Understand the difference between PUT and PATCH HTTP methods. Learn when to use full replacement vs partial update, and how each affects idempotency and API design.
HTTPS and TLS: How Secure Connections Work
Beginner-to-advanced guide to HTTP vs HTTPS, TLS basics, migration checklists, and HTTP/1.1 vs HTTP/2 tradeoffs for production systems.
January 2026
HTTP DELETE Method: Remove Resources
Learn how the HTTP DELETE method works, when to use it, and best practices for deleting resources in REST APIs.
HTTP GET Method: Complete Guide with Examples
Learn how the HTTP GET method works. Understand when to use GET requests, query parameters, caching, and best practices with real-world examples.
HTTP POST Method: Complete Guide with Examples
Learn how the HTTP POST method works. Understand when to use POST requests, request bodies, form submissions, and API calls with practical examples.
HTTP PUT Method: Update Resources
Learn how the HTTP PUT method works, when to use PUT vs POST vs PATCH, and best practices for updating resources in REST APIs.
HTTP 200 OK: Success Response Explained
Learn what HTTP 200 OK means, when servers return it, and how to handle successful responses in your applications.
201 Created
Resource successfully created. Learn when to use 201 Created, proper response format, and best practices for creation endpoints.
HTTP 301 Moved Permanently: Permanent Redirect
Learn what 301 redirect means, when to use it vs 302, and how to implement permanent redirects for SEO and URL changes.
HTTP 302 Found: Temporary Redirect
Learn what 302 redirect means, when to use temporary vs permanent redirects, and how 302 differs from 301, 307, and 308.
HTTP 401 Unauthorized: Authentication Required
Learn what 401 Unauthorized means, why it happens, and how to fix authentication errors. Complete guide with examples for APIs and web applications.
HTTP 403 Forbidden: Access Denied
Learn what 403 Forbidden means, why access is denied, and how to fix permission errors. Complete guide with examples for APIs and web applications.
HTTP 404 Not Found: What It Means and How to Fix It
Learn what a 404 Not Found error means, why it happens, and how to fix it. Complete guide with examples for developers and users.
HTTP 429 Too Many Requests: Rate Limiting
Learn what 429 Too Many Requests means, how rate limiting works, and how to handle API throttling in your applications.
HTTP 500 Internal Server Error: Causes and Solutions
Learn what HTTP 500 Internal Server Error means, common causes, and how to fix it. Complete troubleshooting guide for developers.
HTTP 502 Bad Gateway: Server Communication Error
Learn what 502 Bad Gateway means, why it happens, and how to fix it. Guide covering proxy errors, upstream failures, and troubleshooting.
HTTP 503 Service Unavailable: Server Overloaded
Learn what 503 Service Unavailable means, why servers become unavailable, and how to handle temporary outages gracefully.
Authorization Header: HTTP Authentication
Learn how the Authorization header works, different authentication schemes (Bearer, Basic, API keys), and security best practices.
Cache-Control Header: Complete HTTP Caching Guide
Master the Cache-Control header. Learn how to control browser and CDN caching with max-age, no-cache, no-store, and other directives.
Content-Type Header: Complete Guide to MIME Types
Learn how the Content-Type header works. Understand MIME types, charset encoding, and how to set the correct content type for APIs, forms, and file uploads.
Upgrade Header
Learn how the Upgrade header requests protocol upgrades to WebSocket, HTTP/2, or other protocols on the same TCP connection. Understand upgrade negotiation.
Domain
Learn how the Domain cookie attribute controls which domains can access cookies. Understand subdomain sharing, security implications, and restrictions.
HttpOnly Cookie Attribute: XSS Protection
Learn how the HttpOnly cookie attribute protects against XSS attacks by preventing JavaScript access to sensitive cookies.
SameSite Cookie Attribute: CSRF Protection
Learn how the SameSite cookie attribute prevents CSRF attacks, the differences between Strict, Lax, and None, and when to use each.
HTTP Cookie
Learn what HTTP cookies are and how browsers store small data pieces for websites. Understand cookie attributes, security, and session management.
HTTP Error Handling
Learn HTTP error handling best practices for detecting, managing, and responding to errors gracefully. Understand status codes, retry logic, and user feedback.
How HTTP Works: The Complete Guide
Learn how HTTP works with interactive examples. Understand requests, responses, methods, headers, status codes, and the complete request lifecycle in minutes.
HTTP HEAD Method
Learn how HTTP HEAD requests retrieve resource metadata (headers) without downloading the body. Useful for checking existence, size, and modification dates.
HTTP OPTIONS Method
Learn how HTTP OPTIONS requests discover server capabilities, supported methods, and handle CORS preflight checks for cross-origin requests.
HTTP PATCH Method
Learn how HTTP PATCH requests apply partial modifications to resources. Understand JSON Patch, merge patch formats, and when to use PATCH vs PUT.
100 Continue
The server received the request headers and the client should proceed to send the body. Learn when and how to use 100 Continue for efficient large uploads.
101 Switching Protocols
The server is switching to a different protocol as requested by the client. Learn about WebSocket upgrades and protocol negotiation.
102 Processing
The server has accepted the request and is processing it, but no response is available yet. Learn about this WebDAV status code for long-running operations.
103 Early Hints
The server sends preliminary response headers to help the client start preloading resources. Learn how 103 Early Hints improves page load performance.
202 Accepted
The request was accepted for processing but not completed yet. Learn when to use 202 for asynchronous operations.
204 No Content
The request succeeded with no response body. Learn when to use 204 No Content for successful operations that don't return data.
300 Multiple Choices
The request has multiple possible responses. Learn when to use 300 Multiple Choices for content negotiation and alternative resource locations.
303 See Other
Redirect to a different resource using GET. Learn when to use 303 to prevent form resubmission and implement the Post-Redirect-Get pattern.
304 Not Modified
Cached response is still valid. Learn how 304 Not Modified improves performance through conditional requests and caching.
307 Temporary Redirect
Temporary redirect that preserves the HTTP method. Learn when to use 307 instead of 302 for method-sensitive redirects.
308 Permanent Redirect
Permanent redirect that preserves the HTTP method. Learn when to use 308 instead of 301 for method-sensitive permanent redirects.
400 Bad Request
Learn what 400 Bad Request means when servers reject malformed requests. Understand common causes like invalid JSON, missing parameters, and how to debug.
402 Payment Required
Reserved for future use in digital payment systems. Learn about this experimental status code and modern payment verification alternatives.
405 Method Not Allowed
Learn what 405 Method Not Allowed means when HTTP methods are rejected. Understand the Allow header, proper API design, and how to handle method restrictions.
406 Not Acceptable
The server cannot produce a response matching the client's Accept headers. Learn about content negotiation and how to handle format mismatches.
408 Request Timeout
Learn what 408 Request Timeout means when servers close idle connections. Understand timeout causes, client retry strategies, and connection management.
409 Conflict
Learn what 409 Conflict means when requests conflict with server state. Understand concurrent updates, version conflicts, and optimistic locking strategies.
410 Gone
Learn what 410 Gone means and when resources are permanently removed. Understand the difference between 410 and 404, and SEO implications for deleted content.
412 Precondition Failed
The server doesn't meet one or more preconditions specified in request headers. Learn about conditional requests and how to prevent conflicts.
413 Payload Too Large
The request body is too large for the server to process. Learn about size limits and how to handle large uploads.
414 URI Too Long
The requested URI exceeds the server's maximum length limit. Learn about URI length limits and how to handle oversized requests.
415 Unsupported Media Type
The server doesn't support the media type of the request. Learn about Content-Type headers and format requirements.
422 Unprocessable Entity
Learn what 422 Unprocessable Entity means for semantically invalid requests. Understand validation errors, the difference from 400, and proper error handling.
423 Locked
The resource is locked and cannot be accessed or modified. Learn about WebDAV locks and how to handle locked resources.
426 Upgrade Required
The server refuses to perform the request using the current protocol and requires the client to upgrade to a different protocol.
428 Precondition Required
The server requires the request to be conditional. Learn when to use 428 Precondition Required to prevent lost updates and race conditions.
431 Request Header Fields Too Large
The server refuses to process the request because header fields are too large. Learn how to handle and prevent 431 errors in your applications.
451 Unavailable For Legal Reasons
The requested resource is unavailable due to legal demands. Learn about the 451 status code, used for censorship and content blocking.
501 Not Implemented
The server doesn't support the functionality required to fulfill the request. Learn about unimplemented features.
504 Gateway Timeout
The gateway timed out waiting for a response from an upstream server. Learn about timeout issues and solutions.
505 HTTP Version Not Supported
Learn what 505 HTTP Version Not Supported means when servers reject protocol versions. Understand HTTP/1.1, HTTP/2 compatibility and version negotiation.
507 Insufficient Storage
The server cannot store the representation needed to complete the request. Learn about storage limitations in WebDAV and file upload scenarios.
520 Web Server Returned an Unknown Error
Cloudflare-specific error when the origin server returns an unexpected response. Learn about 520 errors and how to troubleshoot them.
521 Web Server Is Down
Cloudflare-specific status code indicating the origin server refused the connection. Learn about this proxy error and how to troubleshoot it.
522 Connection Timed Out
Cloudflare-specific error when unable to establish a TCP connection to the origin server. Learn how to diagnose and fix 522 timeout errors.
523 Origin Is Unreachable
Cloudflare-specific error when the origin server's IP address is unreachable. Learn about DNS and routing issues causing 523 errors.
524 A Timeout Occurred
Cloudflare-specific error when the origin server takes too long to respond. Learn how to diagnose and fix 524 timeout errors.
Accept Header
Learn how the Accept header tells servers which content types (JSON, HTML, XML) your client can handle. Master content negotiation and quality values.
Accept-Encoding Header
Learn how Accept-Encoding tells servers which compression formats (gzip, br, deflate) your client supports to reduce bandwidth and speed up page loads.
Accept-Language Header
Learn how the Accept-Language header tells servers which languages your client prefers for localized content. Understand language tags and quality values.
Accept-Ranges Header
Learn how the Accept-Ranges header tells clients whether your server supports partial content requests (byte ranges) for efficient downloads and streaming.
Access-Control-Allow-Credentials Header
Learn how Access-Control-Allow-Credentials controls whether browsers expose responses when credentials (cookies, auth headers) are included in CORS requests.
Access-Control-Allow-Headers Header
Learn how Access-Control-Allow-Headers specifies which custom HTTP headers can be used during cross-origin requests in CORS preflight responses.
Access-Control-Allow-Methods Header
Learn how Access-Control-Allow-Methods specifies which HTTP methods are permitted for cross-origin requests in CORS preflight responses.
Access-Control-Allow-Origin
Learn how Access-Control-Allow-Origin controls which origins can access resources in CORS. Covers wildcard, specific origin, and credential configurations.
Access-Control-Max-Age Header
Learn how Access-Control-Max-Age specifies how long browsers can cache CORS preflight results. Reduce preflight requests and improve cross-origin performance.
Access-Control-Request-Headers Header
Learn how Access-Control-Request-Headers tells servers which custom headers will be used in CORS requests. Essential for preflight request handling.
Access-Control-Request-Method Header
Learn how Access-Control-Request-Method tells servers which HTTP method will be used in the actual CORS request. Essential for preflight request handling.
Age Header
Learn how the Age header indicates how long a response has been cached in seconds. Understand cache freshness calculations and CDN behavior.
Authentication-Info Header
Learn how Authentication-Info provides additional authentication data in responses to successful requests. Covers digest authentication and session info.
Connection Header
Learn how the Connection header controls whether HTTP connections stay open (keep-alive) or close after each request. Optimize with persistent connections.
Content-Disposition Header
Learn how the Content-Disposition header controls whether content displays inline or downloads as an attachment. Set custom filenames for file downloads.
Content-Encoding
Learn how Content-Encoding specifies compression algorithms (gzip, br, deflate) used to encode response bodies. Reduce bandwidth and improve load times.
Content-Language Header
Learn how the Content-Language header specifies the natural language(s) of response content. Understand language tags and internationalization best practices.
Content-Length
Learn how Content-Length specifies the body size in bytes. Essential for progress indicators, connection management, and chunked transfer decisions.
Content-Location Header
Learn how Content-Location indicates an alternate URL for returned content. Useful for content negotiation and identifying canonical resource locations.
Content-Range Header
Learn how the Content-Range header indicates which portion of a resource is being sent in partial content (206) responses for range requests and streaming.
Content-Security-Policy Header
Learn how Content-Security-Policy (CSP) defines security policies to prevent XSS, clickjacking, and code injection. Master CSP directives and best practices.
Cookie Header
Learn how the Cookie header sends stored cookies to servers with each request. Understand cookie transmission, session management, and security considerations.
Cross-Origin-Embedder-Policy
Learn how Cross-Origin-Embedder-Policy (COEP) controls cross-origin resource loading. Required for SharedArrayBuffer and high-resolution timer access.
Cross-Origin-Opener-Policy
Learn how Cross-Origin-Opener-Policy (COOP) isolates your browsing context from cross-origin documents. Required for SharedArrayBuffer and enhanced security.
Cross-Origin-Resource-Policy
Learn how Cross-Origin-Resource-Policy (CORP) blocks no-cors cross-origin requests to protect resources from Spectre attacks and data leaks.
Date Header
Learn how the Date header specifies when the HTTP message was originated by the server. Understand date formats and its role in caching and logging.
Early-Hints
Learn how 103 Early Hints allows servers to send preload hints while preparing the main response. Improve page load performance with early resource loading.
ETag
Learn how the ETag header provides a unique identifier for resource versions, enabling efficient cache validation and conditional requests to reduce bandwidth.
Expires Header
Learn how the Expires header specifies when cached responses become stale. Understand date formats and when to use Expires vs Cache-Control for caching.
Forwarded
Learn how the Forwarded header preserves original client information (IP, protocol, host) that would otherwise be lost when requests pass through proxies.
Host Header
Learn how the Host header specifies the target server domain name and port for HTTP requests. Essential for virtual hosting and routing on shared servers.
If-Match Header
Learn how the If-Match header makes requests conditional based on ETag matching. Prevent conflicts and lost updates in concurrent editing scenarios.
If-Modified-Since Header
Learn how the If-Modified-Since header requests resources only if modified since a specific date. Reduce bandwidth with efficient conditional caching.
If-None-Match Header
Learn how the If-None-Match header makes conditional requests using ETags. Avoid downloading unchanged resources and reduce bandwidth with cache validation.
If-Range Header
Learn how the If-Range header requests partial content only if the resource is unchanged. Efficiently resume downloads without re-fetching entire files.
If-Unmodified-Since Header
Learn how the If-Unmodified-Since header makes requests conditional on resources not being modified. Prevent conflicts in concurrent update scenarios.
Keep-Alive Header
Learn how the Keep-Alive header controls HTTP connection persistence and reuse. Reduce latency and improve performance by avoiding repeated TCP handshakes.
Last-Modified
Learn how the Last-Modified header indicates when a resource was last changed. Enable efficient cache validation with If-Modified-Since conditional requests.
Link Header
Learn how the Link header provides resource hints and enables preloading of CSS, fonts, and scripts to improve page load performance and user experience.
Location
Learn how the Location header specifies redirect URLs or the location of newly created resources. Essential for 201, 301, 302, and other redirect responses.
Origin Header
Learn how the Origin header identifies where cross-origin requests come from. Essential for CORS security policies and preventing cross-site request forgery.
Performance-Timing
Learn about Performance-Timing, a non-standard header for exposing server-side performance metrics to clients. Understand its use cases and alternatives.
Permissions-Policy Header
Learn how the Permissions-Policy header controls which browser features and APIs can be used in your site and embedded iframes. Enhance security and privacy.
Proxy-Authenticate Header
Learn how the Proxy-Authenticate header challenges clients for credentials when accessing resources through a proxy. Understand proxy authentication schemes.
Proxy-Authorization Header
Learn how Proxy-Authorization provides credentials to access resources through a proxy server. Understand proxy authentication schemes and security.
Range Header
Learn how the Range header requests partial content from servers to enable resumable downloads, video streaming, and efficient large file transfers.
Referer Header
Learn how the Referer header tells servers which page led to the current request. Understand its use in analytics, security, and privacy implications.
Referrer-Policy Header
Learn how Referrer-Policy controls how much referrer information is sent with requests. Protect user privacy while maintaining analytics functionality.
Refresh Header
Learn how the Refresh header instructs browsers to reload or redirect after a delay. Understand its use cases, limitations, and better alternatives.
Retry-After
Learn how the Retry-After header tells clients how long to wait before retrying a request. Understand its use with 503, 429, and 301 status codes.
Sec-WebSocket-Accept
Learn how the Sec-WebSocket-Accept header indicates server acceptance of a WebSocket connection upgrade. Understand the handshake process and key validation.
Sec-WebSocket-Key
Learn how the Sec-WebSocket-Key header provides a random key for WebSocket handshake validation. Understand the upgrade process and security implications.
Server-Timing Header
Learn how the Server-Timing header communicates server-side performance metrics to browsers. Analyze backend timing, database queries, and optimize performance.
Set-Cookie
Learn how the Set-Cookie header instructs browsers to store cookies with attributes like HttpOnly, Secure, SameSite, and expiration settings.
Strict-Transport-Security Header
Learn how Strict-Transport-Security (HSTS) forces browsers to only communicate over HTTPS, preventing protocol downgrade and man-in-the-middle attacks.
Timing-Allow-Origin
Learn how the Timing-Allow-Origin header specifies which origins can access Resource Timing API data. Enable cross-origin performance monitoring securely.
Transfer-Encoding Header
Learn how the Transfer-Encoding header specifies encoding formats like chunked transfer for streaming responses when content length is unknown beforehand.
User-Agent Header
Learn how the User-Agent header identifies the client software, browser, or application making HTTP requests. Understand user agent strings and best practices.
Vary
Learn how the Vary header specifies which request headers affect the response. Essential for proper cache differentiation and content negotiation.
Via Header
Learn how the Via header tracks the path of HTTP requests through proxies and gateways. Debug routing issues and understand your network infrastructure.
Warning Header
Learn about the deprecated Warning header that provided additional status information about message transformations. Understand why it was removed from HTTP.
WWW-Authenticate
Learn how the WWW-Authenticate header specifies authentication methods required to access protected resources. Understand Basic, Bearer, and Digest schemes.
X-Cache Header
Learn how the X-Cache header indicates cache hit or miss status from CDNs and proxies. Debug caching issues and verify CDN configuration with this header.
X-Content-Type-Options Header
Learn how X-Content-Type-Options with nosniff prevents browsers from MIME-sniffing responses. Protect against XSS attacks from content type confusion.
X-Forwarded-For
Learn how X-Forwarded-For identifies the original client IP when requests pass through proxies or load balancers. Essential for logging and security.
X-Forwarded-Proto
Learn how the X-Forwarded-Proto header identifies the original protocol (HTTP/HTTPS) used by clients connecting through proxies or load balancers.
X-Frame-Options Header
Learn how X-Frame-Options prevents clickjacking attacks by controlling whether your site can be embedded in frames, iframes, or objects on other domains.
X-RateLimit Headers
Learn how X-RateLimit headers inform API clients about rate limits, remaining requests, and reset times. Implement proper rate limiting in your applications.
X-Response-Time
Learn how the X-Response-Time header indicates server processing time in milliseconds. Useful for performance monitoring and debugging slow requests.
X-XSS-Protection Header
Deprecated header that enabled browser XSS filters to detect and block reflected cross-site scripting attacks.
Expires
Learn how the Expires cookie attribute sets an absolute expiration date. Understand date formats, timezone handling, and when to use Expires vs Max-Age.
Max-Age
Learn how the Max-Age cookie attribute sets expiration in seconds from now. Understand why Max-Age is preferred over Expires for reliable lifetime control.
Path
Learn how the Path cookie attribute restricts which URL paths can receive cookies. Understand path matching rules and how to scope cookies to specific routes.
Secure
Learn how the Secure cookie attribute ensures cookies are only sent over HTTPS connections. Protect sensitive data from man-in-the-middle attacks.
HTTP Header
Learn what HTTP headers are and how they provide metadata about requests and responses. Understand common headers like Content-Type and Authorization.
HTTP Method
Learn what HTTP methods are and how they define actions on resources. Understand GET, POST, PUT, DELETE, PATCH, and other methods with examples.
HTTP Payload
Learn what HTTP payload means and how message bodies carry data in requests and responses. Understand JSON, form data, and binary payloads.
HTTP Request
Learn what an HTTP request is and how clients send messages to servers. Understand request structure, methods, headers, and body components.
HTTP Response
Learn what an HTTP response is and how servers reply to client requests. Understand response structure, status codes, headers, and body content.
HTTP Session
Learn what HTTP sessions are and how they maintain state across stateless HTTP requests. Understand session cookies, tokens, and server-side storage.
HTTP Status Code
Learn what HTTP status codes are and how they indicate request results. Understand 1xx, 2xx, 3xx, 4xx, and 5xx code classes with common examples.
Idempotent
Learn what idempotent means in HTTP. Understand why GET, PUT, and DELETE are idempotent, why POST is not, and how idempotency affects API design.
Cookie Security: HttpOnly, SameSite, and Secure Flags
A comprehensive guide to understanding and implementing secure HTTP cookies to protect against XSS, CSRF, and session hijacking attacks.
Cross-Origin Resource Sharing (CORS)
Master Cross-Origin Resource Sharing (CORS) for secure cross-origin HTTP requests. Learn preflight requests, headers, credentials, and common error solutions.
HTTP Authentication Methods and Best Practices
A comprehensive guide to HTTP authentication methods including Basic Auth, Bearer tokens, API keys, and OAuth 2.0.
HTTP Headers and Caching: A Practical Guide
Master HTTP caching with Cache-Control, ETag, Last-Modified, and conditional request headers. Learn how to optimize performance with proper cache strategies.
HTTP Sessions and State Management Explained
Learn how to manage user state and sessions in stateless HTTP applications using cookies, tokens, and server-side storage.
HTTP Status Codes: A Complete Reference Guide
Learn how HTTP status code classes (1xx-5xx) work and when to use each code. Master informational, success, redirect, client error, and server error responses.
Request and Response Lifecycle
Learn how HTTP requests travel from browser to server and back. Understand DNS resolution, TCP connections, request/response flow, and the complete lifecycle.