Background

What are the HTTP status codes? This is a very common interview question. We all know that 404 means the page does not exist, 500 is a server error, 301 is a redirect, 302 is a temporary redirect, 200 is OK, 401 is unauthorized, and so on.

If you give only this simple answer, the interviewer will probably score it five or six points, which is not enough to leave a good impression. To show a solid knowledge of HTTP, you can focus on three status codes and the knowledge related to them: 304 negotiated cache, 101 protocol upgrade, and 307 HSTS jump.

304 Negotiated Cache

Let’s start with the 304 negotiated cache. That’s the basics. Trust me, as soon as you mention the 304 negotiated cache, the interviewer will be tempted to ask you: what is a negotiated cache?

Now it’s time to show off your knowledge of browser caching. My general answer: browser caches are divided into mandatory caches and negotiated caches, and the mandatory cache is read first.

The mandatory cache is controlled by Expires or Cache-Control. Expires gives a specific point in time and is the older standard, whereas Cache-Control usually gives a length of time, is newer, and has higher priority.

The negotiated cache uses ETag and Last-Modified. Last-Modified is set according to the last modification time of the resource, while ETag is a value calculated from the content of the resource, so it has higher priority.

The difference between the negotiated cache and the mandatory cache is that a mandatory cache hit does not require access to the server and returns 200, whereas the negotiated cache requires access to the server and returns 304.

101 Protocol Upgrade

Mainly used for WebSocket, but can also be used for HTTP/2 upgrades.

The features and uses of WebSocket are not covered in detail here; we are all very familiar with them.

HTTP/2 supports multiple requests over a single connection, a binary format, header compression, server push, and so on. For the details, search Google or Baidu yourself; they are not covered here.

How HTTPS, HTTP, HTTP/2 and SPDY differ, what their advantages and disadvantages are, and how they relate to each other are things the reader needs to look up.

307 HSTS Jump

This one is more advanced. 307 was originally used to redirect a POST request so that the new request is still a POST, but it is also used for HSTS jumps.

HSTS is short for HTTP Strict Transport Security. It requires that the next time the browser accesses the site, it uses HTTPS directly, instead of HTTP first and then HTTPS. This avoids SSL stripping attacks. In an SSL stripping attack, the attacker intercepts the user's HTTP request to the server and impersonates the user: the attacker talks to the server over HTTPS, while the user's side of the connection stays on HTTP.

To enable HSTS, add the Strict-Transport-Security header to the server response; you can set max-age on it.

Of course, having mentioned SSL stripping attacks, you must be interested to know what other attacks exist against supposedly secure HTTPS. What I’ve learned so far is that there are SSL hijacking attacks, which roughly means trusting a third-party security certificate; proxy software uses this to listen in on HTTPS. If you know of more, you are welcome to add them.

Conclusion

Just three status codes touch on this much knowledge. With status codes, we should not simply recite each code and its meaning; we should take the initiative to dig deeper and use HTTP status codes to build up our own knowledge of networking.

A homework assignment: What’s the difference between 301 and 302? Which scenarios does each apply to? Would you still only remember that one is permanent and one is temporary?

Finally, if my article is helpful to you, please follow me on this blog and star or follow me on GitHub.
