🌐 HTTP Interview Cheat Sheet
1. Basics of HTTP
• HTTP: Application-layer protocol for client-server communication. Stateless.
• HTTP vs HTTPS: HTTPS uses TLS/SSL for encryption and authentication.
• Ports: HTTP-80, HTTPS-443
• State: Stateless; use cookies/sessions/tokens to maintain state.
2. HTTP Methods & Status Codes
• Methods: GET, POST, PUT, PATCH, DELETE, HEAD, OPTIONS
• PUT vs PATCH: PUT replaces full resource, PATCH updates partially.
• Status Code Categories:
  • 1xx: 100 Continue, 101 Switching Protocols
  • 2xx: 200 OK, 201 Created, 204 No Content
  • 3xx: 301 Moved Permanently, 302 Found, 304 Not Modified
  • 4xx: 400 Bad Request, 401 Unauthorized, 403 Forbidden, 404 Not Found, 408 Request Timeout, 429 Too Many Requests
  • 5xx: 500 Internal Server Error, 502 Bad Gateway, 503 Service Unavailable, 504 Gateway Timeout
• 401 vs 403: 401 = missing/invalid credentials, 403 = valid credentials but insufficient permission
• OPTIONS: Returns allowed methods; used in CORS and debugging.
3. HTTP Headers & Caching
• Headers: Key-value pairs with metadata and control information.
• Common Headers:
  • Request: Host, User-Agent, Authorization, Accept
  • Response: Server, Content-Type, Content-Length, Set-Cookie, ETag
• Content-Type: MIME type of request/response body.
• Caching: Cache-Control, Expires, ETag, Last-Modified. Policies: no-cache, no-store, max-age,
public, private.
• ETag vs Last-Modified: ETag = unique version; Last-Modified = timestamp. Used in conditional
requests.
4. Security & Advanced Concepts
• HSTS: Forces HTTPS; prevents downgrade attacks.
• Authentication: Basic = base64-encoded credentials (encoding, not encryption); Bearer Token = token (e.g. JWT).
• CORS: Cross-Origin Resource Sharing; preflight OPTIONS checks permissions.
• Persistent connections: TCP stays open for multiple requests (Connection: keep-alive).
• Content negotiation: The client's Accept header and the server's Content-Type header determine the response format.
5. Idempotence, Safe Methods & HTTP/2-3
• Safe vs Idempotent: Safe = no server change; Idempotent = repeated requests have the same effect.
  • GET: Safe & Idempotent
  • POST: Not safe & not Idempotent
• HTTP/1.1 vs HTTP/2: HTTP/2 = binary, multiplexing, header compression, reduces latency.
• HTTP/3 & QUIC: UDP-based, faster, 0-RTT, no HOL blocking, TLS built-in.
6. Performance & Misc
• Pipelining vs Multiplexing: Pipelining = sequential, may block; Multiplexing = concurrent.
• HTTPS security: TLS/SSL → encryption, integrity, authentication.
• Improve performance: caching, header compression, multiplexing, persistent connections,
minimize redirects.
• Set-Cookie: Server stores data on client; returned via Cookie header.
• Cookie vs Session: Cookie = client-side data; Session = server-side user state, linked via cookie.
7. Advanced / Tricky Concepts
• Preflight request: OPTIONS sent before non-simple CORS requests.
• HTTP/2 header compression: HPACK → reduces packet size, improves performance.
• no-cache vs no-store: no-cache = revalidate, no-store = do not store.
• HOL blocking: Delayed packet blocks others; affects HTTP/1.1 pipelining & HTTP/2 over TCP.
• HTTP/3 & QUIC advantages: UDP, faster, no HOL blocking, TLS built-in, 0-RTT.
Pro Tips:
1. Explain clearly in 2-3 sentences.
2. Give real-world examples.
3. Highlight method, header, and protocol differences.
4. For status codes, give 2-3 examples per category.
5. Keep advanced HTTP/2–3, CORS, HSTS, QUIC definitions short and precise.