What is it?
HTTP is the language clients and servers use to talk. A request has a method, a path, and headers. A response has a status code, headers, and a body. HTTPS is the same conversation wrapped in TLS encryption so nobody between you and the server can read or tamper with the data.
Why it matters
Every API call, every page load, every form submit is HTTP. Reading status codes correctly turns "the API is broken" into "we're getting a 401, the auth header is missing." That precision is the difference between a five-minute fix and an afternoon lost in Slack.
What to learn
- Request anatomy: method, path, headers, body
- Common methods: GET, POST, PUT, PATCH, DELETE — and when each fits
- Status code families: 2xx, 3xx, 4xx, 5xx — what each one means
- Important headers:
Content-Type,Cache-Control,Authorization,Cookie - Cookies, sessions, and how the browser stitches them together
- HTTPS basics: why TLS, what a certificate proves, what it doesn't
Common pitfall
Reaching for POST when you mean PUT or PATCH. Methods aren't decoration — they tell caches, proxies, and other services how to behave. A POST that should be idempotent will get retried in ways you don't expect when the network blips.
Resources
Primary (free):
- MDN — HTTP overview · docs
- MDN — HTTP status codes · docs
- HTTP/3 explained — Bagder · article
Secondary (paid):
- HTTP — The Definitive Guide · article
Practice
Pick a real REST API (GitHub's, OpenWeather, anything public). Use curl
or Postman to send one request per HTTP method against it. Read the
response headers, not just the body. Done when you can predict the status
code before you press send.
Outcomes
- Pick the right HTTP method for any read or write operation.
- Decode a response status code without looking it up.
- Explain why HTTPS isn't optional in 2026.
- Identify the most useful headers in a real request / response pair.