AG
HTTP
HTTP Reference
Status Codes
Methods
Headers
MIME
Auth
Directives
Glossary
Guides
한국어
English
Home
/
Glossary
HTTP Glossary
40 core HTTP and web development terms explained with definitions, context, and examples.
Caching
4
CDN
A CDN (Content Delivery Network) is a globally distributed network of edge servers that serves content from close to the user, reducing latency and offloading the origin server.
ETag
An ETag (Entity Tag) is an opaque identifier for a specific version of a resource (usually a content hash) that the server sends in the response header.
HTTP Cache
HTTP caching is the standard mechanism of storing responses and reusing them for identical requests to cut latency, bandwidth, and server load.
TTFB
TTFB (Time To First Byte) is the time from when the client sends a request to when the first byte of the server's response arrives.
Concepts
5
Cacheable
Cacheable describes whether a response may be stored and reused for later identical requests.
Content Negotiation
Content negotiation is the mechanism by which a server picks the most appropriate representation of a resource for a single URL based on the client's preferences and capabilities.
Idempotent
Idempotent means that making the same request once or many times leaves the server in the same final state.
REST
REST (Representational State Transfer) is an architectural style for web APIs that identifies resources by URL and expresses actions on them via HTTP methods.
Safe Method
A safe method is an HTTP method defined as read-only — it must not change server state.
Formats
5
Cookie
A cookie is a small key/value piece of data the server tells the browser to store via the `Set-Cookie` header, which is then automatically attached to every subsequent request to the same site in the `Cookie` header.
MIME Type
A MIME type (media type, content type) is a standard identifier in `type/subtype` form that states the kind of data (e.g. text/html, application/json, image/png).
Rate Limiting
Rate limiting caps how many requests a client can send within a time window to protect the server from overload, abuse, and attacks.
Session
A session is the conceptual unit that stitches a particular user's state (logged-in status, cart, etc.) across many requests on top of stateless HTTP.
URI, URL, URN
A URI (Uniform Resource Identifier) is the umbrella concept for a string that identifies a resource; URL and URN are its two subtypes.
Networking
6
DNS
DNS (Domain Name System) is the internet's distributed name-resolution system that translates human-readable domain names (example.com) into machine IP addresses (93.184.216.34).
Gateway
A gateway is a component that acts as an entry point between different networks or services; in web development it usually means an 'API gateway'.
Load Balancer
A load balancer distributes incoming requests across multiple servers so no single server is overwhelmed, improving the system's availability and scalability.
Port
A port is a 16-bit number (0–65535) that distinguishes multiple network services on a single machine sharing one IP address.
Reverse Proxy
A reverse proxy sits in front of clients, receives their requests, forwards them to one of several backend servers, and returns the responses.
TCP vs UDP
TCP and UDP are the internet's two core transport-layer protocols. TCP is connection-oriented with reliability and ordering; UDP is connectionless with minimal overhead for speed.
Protocol
10
Head-of-Line Blocking
Head-of-Line (HoL) blocking is when the item at the front of a queue can't be processed, stalling every item queued behind it.
HTTP
HTTP (HyperText Transfer Protocol) is the request-response, application-layer protocol clients and servers use to exchange resources on the web.
HTTPS
HTTPS is HTTP traffic carried over an encrypted TLS connection — not a separate protocol but simply 'HTTP over TLS'.
Keep-Alive
Keep-Alive (persistent connection) reuses a single TCP connection for multiple HTTP request/response exchanges, eliminating the cost of opening and closing a connection per request.
Multiplexing
Multiplexing sends and receives multiple request/response streams concurrently over a single connection — the core improvement of HTTP/2.
QUIC
QUIC is a transport protocol designed by Google and standardized by the IETF to run over UDP; it is the foundation of HTTP/3.
Redirect
A redirect is the mechanism by which a server, using a 3xx status code and a `Location` header, tells the client 'the requested resource lives at another URL, so re-request it there.'
Server-Sent Events
SSE (Server-Sent Events) is a one-way real-time technique where the server keeps pushing events to the client over a single persistent HTTP response stream.
Webhook
A webhook is a 'reverse API' where, when an event occurs, a server sends an HTTP request (usually POST) to a pre-registered URL to proactively notify the other party.
WebSocket
WebSocket is a protocol that lets a client and server exchange messages freely in both directions over a single persistent connection.
Security
10
Access Token
An access token is a credential a client presents on a request to prove it is authorized to reach a protected resource (API).
CORS
CORS (Cross-Origin Resource Sharing) is the standard by which a server uses specific headers to say 'JavaScript from this origin is allowed to read my response,' letting the browser relax the Same-Origin Policy.
CSRF
CSRF (Cross-Site Request Forgery) is an attack where a logged-in user visits a malicious site that uses the user's auth cookie to send a state-changing request to the target site without the user's knowledge.
HSTS
HSTS (HTTP Strict Transport Security) is a policy where the server uses the `Strict-Transport-Security` response header to tell browsers 'from now on, only ever connect to this site over HTTPS.'
JWT
A JWT (JSON Web Token) is a URL-safe, self-contained token format made by signing a JSON set of claims.
Origin
An origin is the fundamental unit of web security, defined by the tuple of scheme (protocol), host, and port.
Preflight Request
A preflight request is a CORS pre-check in which the browser, before sending a 'complex' cross-origin request, uses the OPTIONS method to ask the server whether that request is allowed.
Same-Origin Policy
The Same-Origin Policy (SOP) is the browser's baseline security rule that prevents a script loaded from one origin from freely accessing resources from another origin.
TLS / SSL
TLS (Transport Layer Security) is the protocol that provides encryption, integrity, and authentication between two parties; it is the successor to the older SSL (Secure Sockets Layer).
XSS
XSS (Cross-Site Scripting) is a vulnerability where an attacker injects malicious JavaScript into a web page so it runs in the victim's browser with that site's privileges.