Understanding HTTP Requests

🌐 Understanding HTTP Requests: Request Line, Methods, Headers & Body

When you visit a website, log in, or submit a form, your browser sends something called an HTTP request to the server. If you're learning about web development or cybersecurity, understanding this is super important!

Let’s break it down into four main parts:


📌 1. Request Line (Start Line)

The request line is the first part of the HTTP request. It tells the server:

  • What to do (method)

  • Where to do it (path)

  • How to communicate (HTTP version)

✨ Example:

GET /login HTTP/1.1

🔹 It includes:

  • Method – Example: GET, POST, etc.

  • Path – The URL path. Example: /login

  • Version – Like HTTP/1.1, HTTP/2, etc.


🔧 2. HTTP Methods

Each method tells the server what kind of action the user wants to perform.

| Method | Purpose | Security Tip 🔒 |
| --- | --- | --- |
| GET | Retrieve data | Don’t send sensitive info like passwords |
| POST | Send data (like login info) | Always validate input |
| PUT | Update or replace data | Check user permission |
| DELETE | Delete data | Only allow authorised users |
| PATCH | Update part of a resource | Validate data carefully |
| HEAD | Like GET, but no body | Used to check metadata |
| OPTIONS | Lists allowed methods | Can be disabled if not needed |
| TRACE | Debugging tool | Disable it for security |
| CONNECT | Creates secure tunnel (HTTPS) | Used in secure browsing |

📥 3. Request Headers

Request headers give extra details about the request. These help the server understand how to handle it.

🔹 Common Headers:

| Header | Example | What It Does |
| --- | --- | --- |
| Host | Host: tryhackme.com | Tells which website the request is for |
| User-Agent | User-Agent: Mozilla/5.0 | Info about the browser or client |
| Referer | Referer: https://www.google.com/ | Shows where the user came from |
| Cookie | Cookie: user_type=student; room_status=in_progress | Sends stored data like login/session info |
| Content-Type | Content-Type: application/json | Describes the format of data in the body |

📌 Fill in the blanks?
_______ _______ = Request Headers


🧾 4. Request Body

The request body carries data when the client is sending something to the server — usually with POST or PUT methods.

🧠 Formats used in the body:


🔸 a) URL Encoded (application/x-www-form-urlencoded)

  • Key-value pairs like: key1=value1&key2=value2

  • Common in login forms

POST /profile HTTP/1.1
Content-Type: application/x-www-form-urlencoded

name=Aleksandra&age=27&country=US

🔸 b) Form Data (multipart/form-data)

  • Used for uploading files or images

  • Data is split using a boundary

POST /upload HTTP/1.1
Content-Type: multipart/form-data; boundary=----boundary123

------boundary123
Content-Disposition: form-data; name="username"

aleksandra
------boundary123
Content-Disposition: form-data; name="profile_pic"; filename="aleksandra.jpg"
Content-Type: image/jpeg

[Binary image data here]
------boundary123--

🔸 c) JSON (application/json)

  • Common in APIs

  • Uses key-value pairs with curly braces

POST /api/user HTTP/1.1
Content-Type: application/json

{
  "name": "Aleksandra",
  "age": 27,
  "country": "US"
}

🔸 d) XML (application/xml)

  • Uses opening and closing tags

  • Example of nested data

POST /api/user HTTP/1.1
Content-Type: application/xml

<user>
  <name>Aleksandra</name>
  <age>27</age>
  <country>US</country>
</user>
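
As an added example (not code from the original post), this Python parser splits a raw request into the parts described above, decodes URL-encoded and JSON bodies by Content-Type, and checks two of the security tips from the methods table. The SENSITIVE name list, the sample requests and the example.test host are assumptions made for the illustration.

```python
import json
from urllib.parse import parse_qs, urlsplit

# Parameter names treated as sensitive in a URL (assumed list for this example).
SENSITIVE = {"password", "passwd", "token", "secret"}

# Constructed sample requests, modelled on the examples in this post.
SAMPLE = ("POST /profile HTTP/1.1\r\nHost: example.test\r\n"
          "Content-Type: application/x-www-form-urlencoded\r\n\r\n"
          "name=Aleksandra&age=27&country=US")
SAMPLE_GET = "GET /login?user=a&password=hunter2 HTTP/1.1\r\nHost: example.test\r\n\r\n"


def decode_body(headers, body):
    """Decode the body according to Content-Type; unknown types stay raw text."""
    ctype = headers.get("content-type", "").split(";")[0].strip().lower()
    if ctype == "application/x-www-form-urlencoded":
        return {k: v[0] for k, v in parse_qs(body).items()}
    if ctype == "application/json":
        return json.loads(body)
    return body


def parse_request(raw):
    """Split a raw HTTP/1.1 request into request line, headers and body."""
    head, _, body = raw.partition("\r\n\r\n")  # a blank line ends the headers
    lines = head.split("\r\n")
    parts = lines[0].split(" ")  # method, path, version
    if len(parts) != 3 or not parts[2].startswith("HTTP/"):
        raise ValueError("malformed request line")
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if not sep or name != name.strip():  # no colon, or space around the name
            raise ValueError("malformed header line")
        headers[name.lower()] = value.strip()  # header names are case-insensitive
    return {"method": parts[0], "target": parts[1], "version": parts[2],
            "headers": headers, "body": decode_body(headers, body)}


def findings(req):
    """Apply two security tips from the methods table to a parsed request."""
    out = []
    if req["method"] == "TRACE":
        out.append("TRACE should be disabled")
    query = parse_qs(urlsplit(req["target"]).query)
    if req["method"] == "GET" and SENSITIVE & {k.lower() for k in query}:
        out.append("sensitive parameter in GET URL")
    return out
```

Calling `findings(parse_request(SAMPLE_GET))` reports the password sent in the URL, while the POST sample produces no findings.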

✅ Quick Recap

  • Default content type for forms? application/x-www-form-urlencoded

  • Where are Host, User-Agent and Content-Type found? Request Headers


Got questions or want to learn more about HTTP responses next? Drop a comment below! 💬✨

Written by

Sylvester (ANBU)

This blog serves as a beginner-friendly guide to understanding the world of cybersecurity. From defining what cybersecurity is to exploring its two major domains—offensive and defensive security—it breaks down various career paths such as Security Analyst, Engineer, Penetration Tester, and more. Whether you're just curious or planning a career, this blog gives you the insight and direction to get started in the cybersecurity field.