School enrollment oriented: summary of HTTP and front end cache knowledge points


School enrollment oriented: summary of HTTP and front end cache knowledge points

1、 Basic concepts

HTTP features

  • Simple and fastWhen you request a service, you only need to transfer the request method and path
  • flexible: allows the transfer of any type of data object, marked by content type
  • No connection: the server will disconnect after processing the request
  • Stateless: means that each request is independent and must be retransmitted if the previous information is required for subsequent processing


  • In order to protect the privacy and integrity of exchange data and provide the function of identity authentication of website server, the SSL layer is added to http
  • Function:

    • Confirm the authenticity of the website through certificate and other information: authenticate the website and give it unique identification
    • Establish encrypted information channel: the digital certificate issued by us can encrypt the information we transmit on the Internet through encryption technology (symmetric encryption and asymmetric encryption)
    • Verify the integrity of the data content: Data hijacking will occur when the packets are forwarded by the router for countless times. Hackers will tamper with the data after hijacking. After turning on HTTPS, hackers can’t tamper with the data. Even if the data is tampered with, we can detect the problem

Persistent connectionKeep-Alive

  • connection: Keep-Alive Make the connection between client and server continue to be effective, and avoid establishing or re establishing the connection beyond the time specified by keep alive, except for accidental power failure
  • Request 1 > response 1 > request 2 > response 2
  • HTTP 1.1


  • Through persistent connection
  • Request 1 > request 2 > request 3 > response 1 > response 2 > response 3
  • Only get and head can be pipelined, while post is limited
  • HTTP 1.1

Difference between get and post

  • The parameters that get requests pass in the URL are limited in length, but not in post
  • Get is less secure than post because the parameters are directly exposed to the URL, so they cannot be used to pass sensitive information
  • The get parameter is passed through the URL, and post is placed in the request body
  • Get is harmless when the browser goes back, and post submits the request again
  • The URL address generated by get can beCollection, but post can’t
  • Get requests will be initiated by the browsercache, and post will not, unless manually set
  • The get request parameters are fully preserved in the browser history, while the parameters in post are not
  • Get requests can only be encoded by URL, while post supports multiple encoding methods

Common status code

  • 200 OK: the request has been processed normally
  • 204 no content: the request was processed successfully, but no resources could be returned to the client
  • 301 moved permanently: permanent redirection
  • 302 found: temporary redirection
  • 304 not modified: the resource is not modified and does not return the resource. The client is allowed to access the cache resource
  • 400 bad request: request parameter error
  • 401 unauthorized: require user authentication requirements
  • 403 Forbidden: the server understands the request but refuses to execute it
  • 404 not found: the requested resource is not available on the server. Wrong path, etc
  • 408 request time out: request timeout
  • 500 Internal Server Error: server internal error

2、 Three handshakes and four waves

Three handshakes

If it’s two handshakes

1. C: Hello, Hello, this is C. can you hear me?
S: Yes, I can hear you. I'm S. can you hear me?
3. C: (yes, I don't want to pay attention to you)
4. S: Hello, hello? Can you hear me? I'm dead on the other side. I'm hanging up..

If it’s four handshakes

1. C: Hello, Hello, this is C. can you hear me? 
S: Yes, I can hear you. I'm S. can you hear me? 
C: Yes, and you? Can you hear me?
4. S:?? Are you mentally retarded? Didn't I say I can hear you, don't want to talk to XX...

Three handshakes

1. C: Hello, Hello, this is C. can you hear me? 
S: Yes, I can hear you. I'm S. can you hear me? 
C: Yes. Let's go fishing today.. balabala


1. For the first handshake, C-terminal sends and S-end receives, which proves the sending ability of C-terminal
2. In the second handshake, s end sends and C end receives, which proves the receiving ability and sending ability of s end
3. In the third handshake, C-terminal sends and S-end receives, which proves the receiving ability of C-terminal
4. At the same time of reliability, performance and time should be considered, so three handshakes are the most reasonable

Four waves

full duplex

A and B can communicate with each other and send messages by analogy. At the same time, both parties can send messages to each other without affecting each other

Single duplex

A and B can only communicate in one way. Analogy is to make a phone call. At the same time, only one person can speak and the other can listen. If two people talk together, no one can hear clearly and it is meaningless

Four waves

1. C: sorry s, I need to close the connection. Would you like to prepare?
2. S: OK, C, I've received your turn off signal. I still have data to send. Wait for me.
3. S: C brother, I can close it. Let me give you a final word. When you respond to my words, I will close it directly;
4. C: OK, I'll give you a response. You can close it when you receive it. Don't pay attention to me
5. S: (after receiving the ACK message, it will be closed directly). This process does not generate data interaction and does not count the number of wave
6. C: after waiting for 2msl (maximum message segment survival time), s has nothing to give, and I also shut it off;

The difference with three handshakes

Two waves in the middle of four waves are equivalent to splitting the middle handshake of three into two

Why does the C terminal have to wait for the maximum message lifetime to close?

If the packet loss caused by unreliable network exceeds the maximum waiting time, it is useless even if it is not received, so it can be closed.

3、 Cache

Expires (strong cache)

  • HTTP 1.0 field, indicating the cache expiration time, an absolute time
Expires: Thu, 10 Nov 2020 08:45:11 GMT
  • Disadvantages: if the user modifies the local time, it may cause the browser to judge that the cache is invalid

Cache control

  • The HTTP 1.1 field indicates the maximum effective time (seconds) of the resource cache. During this time, the client does not need to send a request to the server, and the priority is higher than expires
Cache-control:public, max-age=2592000
    • max-age: the maximum effective time
    • s-maxage: for proxy caching (such as CDN cache), with priority higher than max age
    • must-revalidate: if the max age time is exceeded, the browser must send a request to the server to verify that the resource is still valid
    • no-cache: the browser caches the content, but does not use it directly. When using, it sends a request confirmation to the server
    • no-store: no caching
    • public: all content can be cached (including client and proxy server, such as CDN)
    • privite: all content can be cached only by the client (default)
    • Max age = 0, must revalidate is equivalent to no cache

    Last modified & if modified since

    • The server informs the client of the last modified time of the resource through the last modified field of the response headers
    Last-Modified: Mon, 10 Nov 2020 09:10:11 GMT
    • The next time the same resource is requested, the browser finds the “not sure if it’s expired” cache from its own cache. Therefore, in request headers, the last modified value is written to the if modified since field of the request header
    If-Modified-Since: Mon, 10 Nov 2020 09:10:11 GMT
    • The server compares the value of if modified since with the last modified field. If it is equal, it means that it has not been modified and responds to 304, and continues to return the last modified field; otherwise, it means that the modified response is 200 status code, and the data and the new last modified field are returned
    • Disadvantages:

      • Some servers can’t get the exact time
      • If the resource update rate is less than seconds, then the cache cannot be used because its minimum time unit is seconds
      • If the file is generated dynamically through the server, the update time of this method is always the time of generation, although the file may not change, so it can not serve as a cache

    Etag & if none match

    • Etag stores the special ID of the file (usually generated by hash or MD5), and the server stores the Etag field of the file,
    ETag: "asj1jbasdbb4skdbk-ajs"
    • The process is consistent with last modified & if modified since
    If-None-Match: "asj1jbasdbb4skdbk-ajs"
    • Etag has higher priority than last modified
    • More rigorous, file transformation and Etag change

    Hierarchical caching strategy

    1. 200 from cache: at the bottom level, it is controlled by expires and cache control (the priority of cache control is higher than expires). If the cache is hit, it will be read directly. If there is no hit, it will enter the next state
    2. 304: this layer is controlled by last modified and Etag (Etag priority is higher than last modified). If the server passes the verification, 304 and the old last modified and Etag fields are returned, and the browser reads the cache. If the server fails the verification, it enters the next state
    3. 200: if the server fails to verify, or the user forces to refresh the page, 200 and file are returned, as well as the new last modified and Etag fields, and the browser updates the cache


    • The results showed that the time of expires, cache control, last modified & if modified since were all in timesecondEtag & if none match takes the file as the dimension, so Etag is the most rigorous, and Etag will change when the file changes
    • Priority: cache control > expires > Etag > last modified

    4、 Reference articles

    Read front end cache

    [HTTPS] 517 what exactly is encrypted in HTTPS?

    Most of this article is my own summary. Some examples refer to some articles. However, due to the deletion of browser history, some reference articles can not be retrieved. If you have any information, please contact me, and I will add the original link.