What Exactly Is Sent When You Visit a Website?

Sundaram GSundaram G
3 min read

Analogy:

Imagine you're ordering food online. You fill out a form with your name, address, and order. That form gets sent to the restaurant. The restaurant cooks your food and sends it back with a receipt. In web terms, you're the browser (client), the restaurant is the server, and the form is your HTTP request. Let's break down what that “form” actually contains.

Step 1: You Make a Request

Whenever you visit a webpage or interact with a web app, your browser initiates an HTTP request to the server.

What’s included in the request:

  1. Request Line

    • Specifies the HTTP method (e.g., GET, POST), the path (e.g., /login), and the HTTP version.

    • Example:
      GET /dashboard HTTP/1.1

  2. HTTP Headers

    • Metadata that describes the request and the client making it:

      • Host: Target domain (example.com)

      • User-Agent: Info about the browser or client

      • Accept: Data formats it can process (e.g., application/json)

      • Authorization: API tokens, Bearer tokens, Basic Auth, etc.

      • Referer, Origin, Accept-Language, and others

  3. Cookies (if applicable)

    • The browser includes any cookies previously set by the server.

    • Example:
      Cookie: session_id=abc123; theme=dark

  4. Query Parameters

    • Key-value data sent in the URL itself.

    • Example:
      /search?q=networking&sort=latest

  5. Request Body (mainly in POST, PUT, PATCH)

    • Sent when data is being submitted (like login credentials or form data).

    • Often formatted in JSON or x-www-form-urlencoded.

    • Example:

        {
    "username": "admin",
    "password": "hunter2"
  }

  6. IP Address & Port

    • Although not in the request body, the server sees your public IP and the source port as part of the underlying TCP connection.

How Is It Sent?

The request is sent over:

  • HTTP: Plain text (not secure)

  • HTTPS: Encrypted via TLS/SSL (secure)

The browser performs a DNS lookup, opens a TCP connection (or reuses one), performs a TLS handshake (if HTTPS), and then sends the full HTTP request over this connection.

Step 2: Server Processes the Request

  • The server receives the request and uses:

    • The path to route to the correct resource

    • The headers and body to understand what you want

    • The cookies or tokens to identify you (session, auth)

  • The server runs any business logic (e.g., checking credentials, fetching data, writing to a database)

Step 3: Server Sends a Response

The server crafts an HTTP response and sends it back to the client.

What’s in the response:

  1. Status Line

    • Indicates the outcome of the request.

    • Example:
      HTTP/1.1 200 OK

  2. Response Headers

    • Information about the response or instructions for the client.

      • Content-Type: Format of the response body (e.g., application/json, text/html)

      • Set-Cookie: Tells the browser to store or update a cookie

      • Cache-Control, Content-Length, Server, CORS headers, etc.

  3. Response Body

    • The actual content: could be HTML, JSON, an image, or anything else.

    • Example (JSON):

        {
    "message": "Login successful",
    "user": {
      "id": 123,
      "role": "admin"
    }
  }

Summary of the Flow

  1. Client sends request:

    • Includes method, URL, headers, cookies, and optionally body data.

  2. Server processes request:

    • Validates input, applies logic, fetches/stores data.

  3. Server responds:

    • Sends back a status, headers, and content.

  4. Client receives response:

    • The browser renders it or processes the data (e.g., shows a success message or displays a page).

And remember:
If your date doesn't respond, it's not ghosting — it's just a 408 Request Timeout. 💔

1
Subscribe to my newsletter

Read articles from Sundaram G directly inside your inbox. Subscribe to the newsletter, and don't miss out.

httphttps

Written by

Sundaram G
Sundaram G