What are the HTTP status codes? This is a very common interview question.
Most people know the usual ones: 404 page not found, 500 server error, 301 redirect, 302 temporary redirect, 200 OK, 401 unauthorized, and so on.
A simple answer like that may only earn you fifty or sixty points from the interviewer, which is not enough to impress. To demonstrate solid HTTP knowledge, you can focus on three status codes and the knowledge related to them: the 304 negotiated cache, the 101 protocol upgrade, and the 307 HSTS redirect.
304 Negotiated Cache
Let's start with the 304 negotiated cache. This is relatively basic knowledge. Believe me, as soon as you mention the 304 negotiated cache, the interviewer will be tempted to ask you what the negotiated cache is.
Now it is time to show off your browser cache knowledge. I usually answer like this: the browser cache is divided into the forced cache and the negotiated cache, and the forced cache is read first.
The forced cache is controlled by Expires and Cache-Control. Expires is a specific point in time and is the older standard; Cache-Control usually gives a length of time, is relatively new, and takes precedence.
The negotiated cache uses ETag and Last-Modified. Last-Modified is set from the last modification time of the resource. ETag deals with the situation where the resource may be modified very frequently; it is a value based on the content of the resource, so its priority is also higher.
The difference between the negotiated cache and the forced cache is that the forced cache does not require contacting the server and the result is 200, while the negotiated cache does require contacting the server, and if the cache is hit, the result returned is 304.
101 Protocol Upgrade
It is mainly used for WebSocket, and can also be used for HTTP/2 upgrades.
The characteristics and uses of WebSocket are not covered in detail here; everyone is very familiar with them.
HTTP/2 has many benefits. Generally, the interviewer is satisfied if you mention features such as multiple requests over a single connection, the binary format, header compression, and server push. For the details, search Google or Baidu yourself; they are not elaborated here.
Of course, you may have to deal with the interviewer's follow-up question: what are the differences between HTTPS, HTTP, HTTP/2 and its prototype SPDY, what are their advantages and disadvantages, and how does each of them establish a connection? The reader will need to research this on their own.
307 HSTS Redirect
This one is relatively advanced. Its original use is to redirect a POST request to a new POST request, but it is also used for the HSTS redirect.
HSTS stands for HTTP Strict Transport Security. Its function is to require that the next time the browser accesses the site, it uses HTTPS directly, with no need to go to HTTP first and then to HTTPS. This avoids the SSL stripping attack, in which an attacker targets a user who is accessing the site over HTTP and impersonates the server to the user: HTTPS is used between the attacker and the server, while plain HTTP is used between the user and the attacker posing as the server.
To use it, add Strict-Transport-Security to the server's response headers; you can set max-age.
Of course, now that the SSL stripping attack has been mentioned, you are probably curious about what other attacks exist against the supposedly secure HTTPS. The one I have learned about is the SSL hijacking attack, which roughly relies on trusting a third party's security certificate; it is what proxy software uses to monitor HTTPS. If you know of more, you are welcome to add them.