Level 2 · 35 min

HTTP: Versions, Headers, CORS, and Semantics

HTTP is an application protocol with methods, status codes, headers, caching, and connection behavior. HTTP/2 multiplexes streams over one TCP connection; HTTP/3 runs over QUIC on UDP. CORS is a browser enforcement policy, not server-to-server auth.

Mental model for HTTP

HTTP: Versions, Headers, CORS, and Semantics is useful only when you can explain the abstraction and its failure boundary. Start by naming inputs, outputs, guarantees, and what the component refuses to guarantee. That framing prevents cargo-cult use of a technique that happens to be popular.

Production design questions

For a senior interview, connect the concept to reliability, latency, cost, security, and observability. Explain what you would measure, what assumption could break first, and how you would roll out a change safely.

Common failure mode

The common mistake is treating HTTP as a black box. When the system fails, you need enough internal model to inspect inputs, intermediate state, and outputs without guessing.

Key Takeaways

Define the exact guarantee provided by HTTP.
Tie the concept to measurable production behavior, not only textbook definitions.
Name the failure mode and the signal you would monitor before shipping.

Code example

Checklist:
1. Define the user-facing goal
2. State the system guarantee
3. Identify assumptions
4. Add measurement
5. Test the most likely failure mode