Understanding HTTP Requests

🌐 Understanding HTTP Requests: Request Line, Methods, Headers & Body
When you visit a website, log in, or submit a form, your browser sends something called an HTTP request to the server. If you're learning about web development or cybersecurity, understanding this is super important!
Let’s break it down into four main parts:
📌 1. Request Line (Start Line)
The request line is the first part of the HTTP request. It tells the server:
What to do (method)
Where to do it (path)
How to communicate (HTTP version)
✨ Example:
pgsqlCopyEditGET /login HTTP/1.1
🔹 It includes:
Method – Example:
GET
,POST
, etc.Path – The URL path. Example:
/login
Version – Like
HTTP/1.1
,HTTP/2
, etc.
🔧 2. HTTP Methods
Each method tells the server what kind of action the user wants to perform.
Method | Purpose | Security Tip 🔒 |
GET | Retrieve data | Don’t send sensitive info like passwords |
POST | Send data (like login info) | Always validate input |
PUT | Update or replace data | Check user permission |
DELETE | Delete data | Only allow authorised users |
PATCH | Update part of a resource | Validate data carefully |
HEAD | Like GET, but no body | Used to check metadata |
OPTIONS | Lists allowed methods | Can be disabled if not needed |
TRACE | Debugging tool | Disable it for security |
CONNECT | Creates secure tunnel (HTTPS) | Used in secure browsing |
📥 3. Request Headers
Request headers give extra details about the request. These help the server understand how to handle it.
🔹 Common Headers:
Header | Example | What It Does |
Host | Host: tryhackme.com | Tells which website the request is for |
User-Agent | User-Agent: Mozilla/5.0 | Info about the browser or client |
Referer | Referer: https://www.google.com/ | Shows where the user came from |
Cookie | Cookie: user_type=student; room_status=in_progress | Sends stored data like login/session info |
Content-Type | Content-Type: application/json | Describes the format of data in the body |
📌 Fill in the blanks?
_______ _______ = Request Headers ✅
🧾 4. Request Body
The request body carries data when the client is sending something to the server — usually with POST or PUT methods.
🧠 Formats used in the body:
🔸 a) URL Encoded (application/x-www-form-urlencoded
)
Key-value pairs like:
key1=value1&key2=value2
Common in login forms
httpCopyEditPOST /profile HTTP/1.1
Content-Type: application/x-www-form-urlencoded
name=Aleksandra&age=27&country=US
🔸 b) Form Data (multipart/form-data
)
Used for uploading files or images
Data is split using a boundary
httpCopyEditPOST /upload HTTP/1.1
Content-Type: multipart/form-data; boundary=----boundary123
----boundary123
Content-Disposition: form-data; name="username"
aleksandra
----boundary123
Content-Disposition: form-data; name="profile_pic"; filename="aleksandra.jpg"
Content-Type: image/jpeg
[Binary image data here]
----boundary123--
🔸 c) JSON (application/json
)
Common in APIs
Uses key-value pairs with curly braces
hCopyEditPOST /api/user HTTP/1.1
Content-Type: application/json
{
"name": "Aleksandra",
"age": 27,
"country": "US"
}
🔸 d) XML (application/xml
)
Uses opening and closing tags
Example of nested data
httpCopyEditPOST /api/user HTTP/1.1
Content-Type: application/xml
<user>
<name>Aleksandra</name>
<age>27</age>
<country>US</country>
</user>
✅ Quick Recap
Default content type for forms? →
application/x-www-form-urlencoded
Where is Host, User-Agent, Content-Type found? → Request Headers
Got questions or want to learn more about HTTP responses next? Drop a comment below! 💬✨
Subscribe to my newsletter
Read articles from Sylvester (ANBU) directly inside your inbox. Subscribe to the newsletter, and don't miss out.
Written by

Sylvester (ANBU)
Sylvester (ANBU)
This blog serves as a beginner-friendly guide to understanding the world of cybersecurity. From defining what cybersecurity is to exploring its two major domains—offensive and defensive security—it breaks down various career paths such as Security Analyst, Engineer, Penetration Tester, and more. Whether you're just curious or planning a career, this blog gives you the insight and direction to get started in the cybersecurity field.