LOGBOOK

HELP

Quiz Entry - updated: 2026.07.14

What is an HTTP GET request, and what are the key parts of a typical HTTP exchange?

A GET request asks the server "give me this resource." The exchange is plain text: request line, headers, blank line, optional body — followed by a response with status code, headers, and the actual content.

Client sends GET + headers; server replies 200 OK + headers, then the HTML body.

* The HTTP request/response exchange: a GET with headers, answered by a status line, headers, and body. *

Anatomy of a GET request:

GET /index.html HTTP/1.1                ← Request line
Host: www.example.com                   ← Required in HTTP/1.1+
User-Agent: Mozilla/5.0 ...
Accept: text/html,application/xhtml+xml
Accept-Language: en-US,en;q=0.9
Cookie: sessionid=abc123
Connection: keep-alive
                                        ← Blank line marks end of headers
                                        ← (GET has no body)

Anatomy of a response:

HTTP/1.1 200 OK                         ← Status line
Server: nginx/1.18.0
Content-Type: text/html; charset=utf-8
Content-Length: 4823
Date: Wed, 13 Mar 2026 14:23:01 GMT
                                        ← Blank line
<!DOCTYPE html>                         ← Body
<html>...

Key concepts:

  • Methods: GET, POST, PUT, DELETE, HEAD, OPTIONS, PATCH
  • GET = idempotent, safe — calling repeatedly has the same effect (no state change)
  • POST = state-changing — typically used for submitting data
  • Stateless — each request is independent; sessions are tracked via cookies

Status code categories:

Range Meaning Examples
1xx Informational 100 Continue
2xx Success 200 OK, 201 Created, 204 No Content
3xx Redirect 301 Moved Permanently, 302 Found, 304 Not Modified
4xx Client error 400 Bad Request, 401 Unauthorized, 403 Forbidden, 404 Not Found
5xx Server error 500 Internal Server Error, 502 Bad Gateway, 503 Service Unavailable

Why HTTP is plaintext (and why that's a security disaster):

  • Anyone on the path (WiFi, ISP, gateway) can read it
  • Cookies, passwords (if not on HTTPS), and content are visible
  • This is exactly why HTTPS (HTTP over TLS) replaced HTTP for almost all real traffic

Tip: neverssl.com is a deliberately HTTP-only site for testing — useful for diagnosing captive portals (which intercept HTTP traffic to show login pages).

Go deeper:

From Quiz: INTROL / Protocol Analysis | Updated: Jul 14, 2026