1 WEB FOUNDATIONS

How the Web Works

🌐 How the Web Works: A Deep Dive for Fullstack Engineers

Understanding how the web works under the hood is the single most important foundation for a web developer. When you type a URL into a browser and press Enter, a complex orchestration of protocols, servers, and networks executes in a matter of milliseconds. As an engineer, you must understand this pipeline to build performant, secure, and scalable applications.

1️⃣ The Client-Server Architecture

The web is fundamentally built on the Client-Server Architecture.

  • The Client: This is the application that requests resources. Most commonly, this is your web browser (Chrome, Firefox, Safari), but it can also be a mobile app, a terminal tool (like curl), or even another server making an API request.
  • The Server: This is a powerful computer running specialized software (like Node.js, Nginx, or Apache) that listens to requests from clients, processes them, and returns a response.

The Role of Databases

Often, the server doesn't hold all the data in memory. It connects to a Database (like PostgreSQL or MongoDB) to retrieve user profiles, posts, or product listings before returning the final HTML or JSON to the client.

2️⃣ DNS: The Internet's Phonebook

Humans are great at remembering names like google.com or github.com. Computers, however, only understand IP Addresses (e.g., 142.250.72.110).

DNS (Domain Name System) is the critical infrastructure that translates human-readable domain names into machine-readable IP addresses.

🔍 The DNS Lookup Process

When you visit example.com, your browser doesn't immediately know where to go. It must perform a DNS lookup:

  1. Browser Cache: Your browser checks its own memory. Have we visited example.com recently?
  2. OS Cache: If not in the browser, it asks the Operating System.
  3. ISP DNS Resolver: If the OS doesn't know, it queries your Internet Service Provider's (ISP) DNS resolver.
  4. Root & TLD Servers: The resolver contacts the Root Nameservers, which direct it to the Top-Level Domain (TLD) servers (like the servers governing all .com domains).
  5. Authoritative Nameserver: Finally, it hits the specific server that holds the exact IP record for example.com.

3️⃣ TCP/IP: The Delivery Mechanism

Once the browser has the IP address, it must establish a reliable connection. This is handled by TCP/IP (Transmission Control Protocol / Internet Protocol).

IP (Internet Protocol)

IP focuses on routing. It ensures that a packet of data finds its way from your router, across miles of fiber-optic cables, to the exact server in a data center.

  • IPv4: Looks like 192.168.1.1. It uses 32 bits, allowing for roughly 4.3 billion addresses (which we have mostly run out of).
  • IPv6: Looks like 2001:0db8:85a3:0000:0000:8a2e:0370:7334. It uses 128 bits, providing virtually infinite addresses for the modern IoT era.

TCP (Transmission Control Protocol)

TCP focuses on reliability. When you download an image, it isn't sent as one massive chunk. TCP chops the image into thousands of tiny packets. TCP ensures that:

  1. Every packet arrives.
  2. If a packet is lost in transit, it is re-requested.
  3. Packets are reassembled in the correct sequence.

Before any data is sent, TCP establishes a strict connection via a Three-Way Handshake:

  1. SYN: Client says "Hello, can we talk?"
  2. SYN-ACK: Server says "Yes, I hear you, can you hear me?"
  3. ACK: Client says "Yes, let's talk."

4️⃣ HTTP: The Language of the Web

With a TCP connection established, the client and server speak to each other using HTTP (HyperText Transfer Protocol). HTTP is plain-text communication.

📝 The Anatomy of an HTTP Request

When your browser asks for example.com, the raw HTTP request looks like this:

GET / HTTP/1.1
Host: example.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64)
Accept: text/html,application/xhtml+xml
Accept-Language: en-US,en;q=0.9

Key components:

  1. Method verb: GET (Give me data). Other verbs include POST (create data), PUT (update data), and DELETE (destroy data).
  2. Path: / (The root page).
  3. HTTP Version: HTTP/1.1
  4. Headers: Metadata about the request (e.g., User-Agent tells the server what browser you are using).

📬 The Anatomy of an HTTP Response

The server processes the request and sends back a response:

HTTP/1.1 200 OK
Date: Mon, 23 May 2022 22:38:34 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 1256

<!DOCTYPE html>
<html>
<head>
    <title>Example Domain</title>
</head>
<body>
    <h1>Welcome to Example.com</h1>
</body>
</html>

Key components:

  1. Status Code: 200 OK (It worked!).
  2. Headers: Tells the browser what kind of data is attached (Content-Type: text/html).
  3. Body: The actual HTML content (or JSON, image bytes, etc.).

5️⃣ HTTP Status Codes Decoded

Every HTTP response includes a 3-digit status code. As a fullstack engineer, you must memorize the categories:

RangeNameWhat it MeansCommon Examples
1xxInformationalRequest received, continuing process.100 Continue
2xxSuccessThe action was successfully received, understood, and accepted.200 OK, 201 Created, 204 No Content
3xxRedirectionFurther action must be taken to complete the request.301 Moved Permanently, 302 Found
4xxClient ErrorYou messed up. Bad syntax or you are asking for something that doesn't exist.400 Bad Request, 401 Unauthorized, 403 Forbidden, 404 Not Found
5xxServer ErrorThe server messed up. The server failed to fulfill an apparently valid request.500 Internal Server Error, 502 Bad Gateway, 503 Service Unavailable

6️⃣ Security: HTTPS and TLS/SSL

Plain HTTP is incredibly insecure. Because the data is sent in plain text, anyone sitting between you and the server (like someone on the same public Wi-Fi) can read your passwords and credit card numbers.

HTTPS (HyperText Transfer Protocol Secure) solves this by encrypting the HTTP messages using TLS (Transport Layer Security).

How TLS Works (The TLS Handshake)

  1. Client Hello: "I want to connect securely. Here are the cipher suites I support."
  2. Server Hello & Certificate: "Let's use AES-256. Here is my SSL Certificate to prove I am really google.com."
  3. Key Exchange: They perform complex mathematics (like Diffie-Hellman) to generate a shared secret "Session Key".
  4. Secure Communication: All further HTTP traffic is encrypted using this Session Key. If a hacker intercepts it, they only see gibberish.

7️⃣ Anatomy of a URL

As a web developer, you will manipulate URLs constantly. Here is how a Uniform Resource Locator is structured:

https://www.store.example.com:443/products/shoes?color=blue&size=10#details

  1. Protocol (https://): The rule set for communication.
  2. Subdomain (www.store.): Aids in organizing the main domain.
  3. Domain Name (example.com): The registered human-readable name.
  4. Port (:443): The technical "door" the server is listening to. (Default for HTTP is 80, HTTPS is 443).
  5. Path (/products/shoes): The specific route or file location on the server.
  6. Query String (?color=blue&size=10): Additional data passed to the server to filter or modify the request. Key-value pairs are separated by &.
  7. Fragment (#details): An internal page anchor. This part is never sent to the server; it is handled entirely by the browser to scroll to a specific section.

8️⃣ Performance: CDNs & Caching

If your server is in New York, and a user visits from Tokyo, the light traveling through fiber optic cables takes time. This physical distance causes Latency.

CDNs (Content Delivery Networks)

A CDN is a geographically distributed network of proxy servers. When you upload an image to a CDN, it copies that image to servers in London, Tokyo, Nairobi, and Sydney. When the user in Tokyo requests the image, they fetch it from the Tokyo server, significantly reducing latency.

Browser Caching

The fastest network request is the one you never make. When the server sends a logo image, it includes a Cache-Control header telling the browser, "Keep this image in your local hard drive for 30 days." On subsequent visits, the browser instantly loads the logo from its own cache, completely bypassing the network.

💡 Summary Checklist for Developers

  • Understand the difference between the Client (frontend) and Server (backend).
  • Memorize the standard HTTP Methods (GET, POST, PUT, DELETE).
  • Memorize the critical HTTP Status Code categories (2xx = Success, 4xx = Client Error, 5xx = Server Error).
  • Understand domain translation via DNS.
  • Never send sensitive data over plain HTTP; HTTPS is mandatory.
  • Know how to parse the components of a URL (Path vs. Query String).

By mastering these foundational concepts, you transition from someone who just "writes code" to a true engineer who understands exactly how their code travels across the globe.

Knowledge Check

Complete this quick quiz to verify your understanding and unlock the next module.