HTTP - Hypertext Transfer Protocol
What is HTTP?
HTTP stands for Hypertext Transfer Protocol. It is the foundation of data communication on the web, allowing browsers and servers to send and receive web content like HTML pages, images, videos, and more.
Why is HTTP useful?
Enables browsing websites and accessing online content.
Supports client-server communication over the internet.
Is stateless and lightweight, making it fast and scalable.
Forms the basis for REST APIs and modern web applications.
How it works?
Client sends a request: Your browser sends an HTTP request to a web server (e.g., GET /index.html).
Server processes the request: The server locates and prepares the requested resource.
Server sends a response: The server returns the content (like a webpage) along with a status code (e.g., 200 OK).
Browser displays the content: The user sees the requested webpage or data.
Where is HTTP used?
Web browsing: Loading websites and web applications.
APIs: Communication between frontend clients and backend services.
Mobile apps: To fetch and send data to cloud-based services.
IoT devices: For lightweight communication with web APIs and platforms.
Why OSI Layer: Application Layer (Layer 7)?
HTTP defines how web content is requested, served, and interpreted.
It provides services directly to end users and applications.
It operates above transport protocols like TCP (Layer 4) and handles high-level logic like headers, methods, and cookies.
Topics in this section,
In this section, you are going to learn
Terminology
Version Info
HTTP Version |
RFC |
Year |
Core Idea / Contribution |
|---|---|---|---|
HTTP/0.9 |
|||
Informal (no RFC) |
1991 |
Very simple protocol supporting only GET method and no headers |
|
HTTP/1.0 |
|||
RFC 1945 |
1996 |
Introduced HTTP headers, status codes, and support for |
|
metadata. |
|||
HTTP/1.1 |
|||
RFC 2068 (1997), RFC 2616 (1999), |
19972022 |
Persistent connections, chunked transfer encoding, and caching |
|
replaced by RFC 9112 |
improvements. |
||
HTTP/2 |
|||
RFC 7540 |
2015 |
Binary framing, multiplexing, header compression (HPACK), and |
|
improved performance. |
|||
HTTP/3 |
|||
RFC 9114 |
2022 |
Runs over QUIC instead of TCP, offering faster connection setup and better performance. |
setup
test:~$ curl http://c-pointers.com
Expected output:The HTML source code of the webpage hosted at http://c-pointers.com
Step-1 : wireshark captures
client side
Step-2 : screenshots
client side
test:~$ wget http://c-pointers.com
Expected output:The HTML content of the webpage at http://c-pointers.com
Step-1 : wireshark captures
client side
Step-2 : screenshots
client side
setup
HTTP Request Packet
S.No |
Protocol Packets |
Description |
Size(Bytes) |
|---|---|---|---|
1 |
HTTP Request |
Sent by the client to request a resource from the server |
|
Request Line |
Method, URL, and HTTP version (e.g., GET / HTTP/1.1) |
||
GET |
Retrieve a resource |
4 |
|
POST |
Submit data to the server (e.g., form data) |
4 |
|
HEAD |
Retrieve headers only (no body) |
4 |
|
PUT |
Upload or replace a resource |
4 |
|
DELETE |
Delete a resource |
6 |
|
OPTIONS |
Ask what methods are supported |
7 |
|
CONNECT |
Establish a tunnel (usually for HTTPS) |
7 |
|
TRACE |
Echo the received request (used for diagnostics) |
5 |
|
Host |
Specifies the target server’s hostname (required in HTTP/1.1) |
20 |
|
Proxy-Authorization |
(Optional) Used to authenticate with the proxy server |
20 |
|
User-Agent |
Identifies the client software making the request |
20 |
|
Accept |
Specifies the media types the client can handle |
20 |
|
Connection |
Controls whether the connection stays open or closes |
20 |
|
Via |
(Optional) Added by proxies to indicate intermediate hops |
20 |
|
X-Forwarded-For |
(Optional) Indicates the original client IP address |
20 |
|
Cache-Control |
Directives for caching mechanisms |
20 |
|
Body |
The actual content (HTML, JSON, etc.) |
Variable (~1000) |
|
Response Packet
S.No |
Protocol Packets |
Description |
Size(Bytes) |
|---|---|---|---|
1 |
HTTP Request |
Sent by the client to request a resource from the server |
|
Request Line |
Method, URL, and HTTP version (e.g., GET / HTTP/1.1) |
||
GET |
Retrieve a resource |
4 |
|
POST |
Submit data to the server (e.g., form data) |
4 |
|
HEAD |
Retrieve headers only (no body) |
4 |
|
PUT |
Upload or replace a resource |
4 |
|
DELETE |
Delete a resource |
6 |
|
OPTIONS |
Ask what methods are supported |
7 |
|
CONNECT |
Establish a tunnel (usually for HTTPS) |
7 |
|
TRACE |
Echo the received request (used for diagnostics) |
5 |
|
Host |
Specifies the target server’s hostname (required in HTTP/1.1) |
20 |
|
Proxy-Authorization |
(Optional) Used to authenticate with the proxy server |
20 |
|
User-Agent |
Identifies the client software making the request |
20 |
|
Accept |
Specifies the media types the client can handle |
20 |
|
Connection |
Controls whether the connection stays open or closes |
20 |
|
Via |
(Optional) Added by proxies to indicate intermediate hops |
20 |
|
X-Forwarded-For |
(Optional) Indicates the original client IP address |
20 |
|
Cache-Control |
Directives for caching mechanisms |
20 |
|
Body |
The actual content (HTML, JSON, etc.) |
Variable (~1000) |
|
S.no |
Use Case |
Description |
|---|---|---|
1 |
Web Browsing |
HTTP is the foundation of data communication on the World Wide Web. |
2 |
RESTful APIs |
HTTP is widely used for communication between clients and servers in REST APIs. |
3 |
Mobile Applications |
Many mobile apps use HTTP to fetch and send data to backend servers. |
4 |
IoT Device Communication |
Lightweight HTTP requests are used by IoT devices to communicate with servers. |
5 |
Cloud Services |
HTTP enables access to cloud-based applications and services via web interfaces. |
6 |
File Downloads |
HTTP supports downloading files from web servers to client devices. |
7 |
Webhooks |
HTTP is used to send real-time notifications between systems via |
webhooks. |
||
8 |
Proxy and Caching |
HTTP headers and status codes help manage caching and proxy behavior. |
S.no |
Feature |
Description |
|---|---|---|
1 |
Stateless Protocol |
Each HTTP request is independent; the server does not retain session |
information. |
||
2 |
Client-Server Architecture |
HTTP follows a request-response model between clients and servers. |
3 |
Media Type Support |
Supports multiple content types via MIME types (e.g., text/html, |
application/json). |
||
4 |
Flexible Methods |
Provides various methods like GET, POST, PUT, DELETE, etc., for different |
operations. |
||
5 |
Resource Identification |
Uses URLs to uniquely identify resources on the web. |
6 |
Extensible Headers |
Allows custom headers for additional metadata and control. |
7 |
Caching Support |
Supports caching mechanisms to improve performance and reduce |
server load. |
||
8 |
Secure Communication |
Can be secured using HTTPS (HTTP over SSL/TLS). |
9 |
Persistent Connections |
HTTP/1.1 and later support keeping connections open for multiple |
requests. |
||
10 |
Proxy and Gateway Support |
Can operate through proxies and gateways for load balancing and |
filtering. |
Stateless protocol - Testcases
# |
Test Case |
Description |
Expected Result |
|---|---|---|---|
1 |
Send Single HTTP Request |
Make a GET request |
Server responds without storing session |
2 |
Send Multiple Independent Requests |
Send two GET requests |
Server treats each independently |
3 |
No Session Memory |
Request same resource twice |
Server does not remember previous request |
4 |
No Built-in Session Tracking |
Access page without cookies |
No session maintained |
5 |
Stateless POST Request |
Submit form data |
Server processes without session |
6 |
Stateless PUT Request |
Update resource |
Server updates without session context |
7 |
Stateless DELETE Request |
Delete resource |
Server deletes without session memory |
8 |
Stateless HEAD Request |
Request headers only |
Server responds without storing state |
9 |
Stateless OPTIONS Request |
Request supported methods |
Server responds without session |
10 |
Stateless TRACE Request |
Echo request |
Server echoes without session |
11 |
Stateless Request with Headers |
Send custom headers |
Server processes without storing them |
12 |
Stateless Request with Query Params |
Use URL parameters |
Server does not retain them |
13 |
Stateless Request with Body |
Send JSON body |
Server processes without memory |
14 |
Stateless Request with Redirect |
Follow redirect |
Each request is independent |
15 |
Stateless Request with Authentication |
Use Basic Auth |
Server authenticates per request |
16 |
Stateless Request with Token |
Use Bearer token |
Token validated per request |
17 |
Stateless Request with Cookie |
Send cookie manually |
Server does not store session |
18 |
Stateless Request with Cache-Control |
Use no-cache |
Server does not cache session |
19 |
Stateless Request with User-Agent |
Send browser info |
Server does not retain it |
20 |
Stateless Request with Referer |
Send referer header |
Server does not track navigation |
21 |
Stateless Request with Accept-Language |
Send language preference |
Server responds accordingly, no memory |
22 |
Stateless Request with Content-Type |
Specify content type |
Server processes without storing |
23 |
Stateless Request with Accept-Encoding |
Specify encoding |
Server responds without storing |
24 |
Stateless Request with Connection Header |
Use keep-alive |
Connection reused, not session |
25 |
Stateless Request with Host Header |
Specify host |
Server routes without session |
26 |
Stateless Request with Range Header |
Request partial content |
Server responds without memory |
27 |
Stateless Request with If-Modified-Since |
Conditional GET |
Server checks header, no session |
28 |
Stateless Request with ETag |
Use ETag for caching |
Server compares, no session |
29 |
Stateless Request with Retry |
Retry failed request |
Server treats as new request |
30 |
Stateless Request with Timeout |
Request times out |
No session retained |
31 |
Stateless Request with Proxy |
Route via proxy |
Proxy does not affect statelessness |
32 |
Stateless Request with Load Balancer |
Route to different server |
Each server handles independently |
33 |
Stateless Request with CDN |
Serve via CDN |
CDN caches, server remains stateless |
34 |
Stateless Request with Firewall |
Pass through firewall |
No session stored |
35 |
Stateless Request with Logging |
Log request |
Logs do not affect statelessness |
36 |
Stateless Request with Monitoring |
Monitor traffic |
Monitoring does not store session |
37 |
Stateless Request with Rate Limiting |
Apply limits |
Limits per request, not session |
38 |
Stateless Request with Throttling |
Throttle requests |
Each request evaluated independently |
39 |
Stateless Request with Analytics |
Track usage |
Analytics does not imply session |
40 |
Stateless Request with CSP |
Use Content Security Policy |
Policy enforced per request |
41 |
Stateless Request with CORS |
Cross-origin request |
CORS headers evaluated per request |
42 |
Stateless Request with Preflight |
Send OPTIONS before POST |
Each request is stateless |
43 |
Stateless Request with JSONP |
Use JSONP for cross-domain |
No session stored |
44 |
Stateless Request with Webhook |
Trigger webhook |
Each call is independent |
45 |
Stateless Request with API Gateway |
Route via gateway |
Gateway does not store session |
46 |
Stateless Request with Serverless Function |
Trigger function |
Function executes per request |
47 |
Stateless Request with Static Site |
Access static content |
No session involved |
48 |
Stateless Request with SPA |
Load single-page app |
App handles state, not HTTP |
49 |
Stateless Request with CDN Prefetch |
Prefetch content |
Server remains stateless |
50 |
Stateless Request with HTTP/2 |
Use multiplexed streams |
Statelessness preserved |
Client server Architecture - Testcases
# |
Test Case |
Description |
Expected Result |
|---|---|---|---|
1 |
Client Sends GET Request |
Browser requests a webpage |
Server responds with HTML |
2 |
Client Sends POST Request |
Submit form data |
Server processes and responds |
3 |
Client Sends PUT Request |
Update resource |
Server updates and confirms |
4 |
Client Sends DELETE Request |
Delete resource |
Server deletes and responds |
5 |
Client Sends HEAD Request |
Request headers only |
Server returns headers |
6 |
Client Sends OPTIONS Request |
Request supported methods |
Server lists allowed methods |
7 |
Client Sends TRACE Request |
Echo request |
Server returns request |
8 |
Client Sends PATCH Request |
Partially update resource |
Server applies changes |
9 |
Client Sends Request with Headers |
Include custom headers |
Server processes headers |
10 |
Client Sends Request with Body |
Include JSON/XML body |
Server parses and responds |
11 |
Client Sends Request with Query Params |
Include URL parameters |
Server processes parameters |
12 |
Client Sends Request with Cookies |
Include session cookie |
Server reads cookie |
13 |
Client Sends Authenticated Request |
Use Basic/Auth token |
Server validates credentials |
14 |
Client Sends Request to API |
Call REST endpoint |
Server returns JSON |
15 |
Client Sends Request to CDN |
Request static content |
CDN/server responds |
16 |
Client Sends Request to Load Balancer |
Request routed to server |
Server responds |
17 |
Client Sends Request via Proxy |
Use HTTP proxy |
Server responds via proxy |
18 |
Client Sends Request via VPN |
Use VPN tunnel |
Server responds normally |
19 |
Client Sends Request via Mobile App |
App sends HTTP request |
Server responds with data |
20 |
Client Sends Request via Desktop App |
App sends HTTP request |
Server responds |
21 |
Client Sends Request via CLI Tool |
Use curl/wget |
Server returns response |
22 |
Client Sends Request via Browser Extension |
Extension sends request |
Server responds |
23 |
Client Sends Request via IoT Device |
Device sends telemetry |
Server stores data |
24 |
Client Sends Request via Game Client |
Game fetches data |
Server responds |
25 |
Client Sends Request via Smart TV |
TV app requests content |
Server streams video |
26 |
Client Sends Request via Voice Assistant |
Voice command triggers request |
Server responds |
27 |
Client Sends Request via Script |
Automated script sends request |
Server processes it |
28 |
Client Sends Request via Webhook |
Event triggers HTTP call |
Server receives and responds |
29 |
Client Sends Request via Scheduler |
Cron job sends request |
Server responds on schedule |
30 |
Client Sends Request via Email Client |
Email client syncs |
Server returns messages |
31 |
Client Sends Request via Chatbot |
Bot sends HTTP call |
Server returns reply |
32 |
Client Sends Request via Monitoring Tool |
Tool checks server health |
Server returns status |
33 |
Client Sends Request via Analytics Tool |
Tool sends usage data |
Server logs it |
34 |
Client Sends Request via Payment Gateway |
Payment initiated |
Server processes transaction |
35 |
Client Sends Request via CDN Prefetch |
Prefetch content |
Server responds |
36 |
Client Sends Request via SPA |
Single-page app fetches data |
Server returns JSON |
37 |
Client Sends Request via Serverless Function |
Function triggers HTTP call |
Server responds |
38 |
Client Sends Request via API Gateway |
Gateway forwards request |
Server responds |
39 |
Client Sends Request via Reverse Proxy |
Proxy routes to server |
Server responds |
40 |
Client Sends Request via Firewall |
Request passes through firewall |
Server responds |
41 |
Client Sends Request via NAT |
Request translated |
Server responds |
42 |
Client Sends Request via IPv6 |
Use IPv6 address |
Server responds |
43 |
Client Sends Request via IPv4 |
Use IPv4 address |
Server responds |
44 |
Client Sends Request via HTTP/2 |
Use multiplexed streams |
Server responds |
45 |
Client Sends Request via HTTP/3 |
Use QUIC protocol |
Server responds |
46 |
Client Sends Request with Retry |
Retry on failure |
Server responds to each |
47 |
Client Sends Request with Timeout |
Timeout set |
Server responds within time |
48 |
Client Sends Request with Redirect |
Follow 3xx redirect |
Final server responds |
49 |
Client Sends Request with CORS |
Cross-origin request |
Server responds with CORS headers |
50 |
Client Sends Request with CSP |
Content Security Policy enforced |
Server responds accordingly |
Media Type support - Testcases
# |
Test Case |
Description |
Expected Result |
|---|---|---|---|
1 |
Request HTML Page |
GET request for .html file |
Server responds with text/html |
2 |
Request JSON API |
GET request to REST API |
Server responds with application/json |
3 |
Request XML Data |
GET request for XML |
Server responds with application/xml |
4 |
Request Plain Text |
GET request for .txt file |
Server responds with text/plain |
5 |
Request CSS File |
GET request for .css |
Server responds with text/css |
6 |
Request JavaScript File |
GET request for .js |
Server responds with application/javascript |
7 |
Request PNG Image |
GET request for .png |
Server responds with image/png |
8 |
Request JPEG Image |
GET request for .jpg |
Server responds with image/jpeg |
9 |
Request SVG Image |
GET request for .svg |
Server responds with image/svg+xml |
10 |
Request PDF File |
GET request for .pdf |
Server responds with application/pdf |
11 |
Request MP4 Video |
GET request for .mp4 |
Server responds with video/mp4 |
12 |
Request MP3 Audio |
GET request for .mp3 |
Server responds with audio/mpeg |
13 |
Request WebP Image |
GET request for .webp |
Server responds with image/webp |
14 |
Request WebM Video |
GET request for .webm |
Server responds with video/webm |
15 |
Request ZIP File |
GET request for .zip |
Server responds with application/zip |
16 |
Request GZIP File |
GET request for .gz |
Server responds with application/gzip |
17 |
Request CSV File |
GET request for .csv |
Server responds with text/csv |
18 |
Request Markdown File |
GET request for .md |
Server responds with text/markdown |
19 |
Request Binary File |
GET request for .bin |
Server responds with application/octet-stream |
20 |
Request ICO File |
GET request for .ico |
Server responds with image/x-icon |
21 |
Request Font File (WOFF) |
GET request for .woff |
Server responds with font/woff |
22 |
Request Font File (WOFF2) |
GET request for .woff2 |
Server responds with font/woff2 |
23 |
Request JSON with Accept Header |
Set Accept: application/json |
Server returns JSON |
24 |
Request HTML with Accept Header |
Set Accept: text/html |
Server returns HTML |
25 |
Request Image with Accept Header |
Set Accept: image/* |
Server returns image |
26 |
Request Any Type |
Set Accept: / |
Server returns default content |
27 |
Request Unsupported Type |
Set Accept: application/x-unknown |
Server returns 406 Not Acceptable |
28 |
Request Multipart Form |
Submit form with file |
Server responds with multipart/form-data |
29 |
Request Form URL Encoded |
Submit form data |
Server responds with application/x-www-form-urlencoded |
30 |
Request JSON POST |
POST JSON body |
Server processes application/json |
31 |
Request XML POST |
POST XML body |
Server processes application/xml |
32 |
Request File Upload |
Upload file via POST |
Server handles file type correctly |
33 |
Request Content Negotiation |
Server chooses best type |
Based on Accept header |
34 |
Request Language and Type |
Use Accept-Language and Accept |
Server returns localized content |
35 |
Request with Content-Type Header |
Set Content-Type: application/json |
Server parses JSON body |
36 |
Request with Incorrect Content-Type |
Mismatch type and body |
Server returns 400 Bad Request |
37 |
Request with Charset |
Set Content-Type: text/html; charset=UTF-8 |
Server respects charset |
38 |
Request with Multiple Accept Types |
Accept: text/html, application/json |
Server returns preferred type |
39 |
Request with Content-Disposition |
Download file |
Server sets correct MIME and filename |
40 |
Request with Inline Content |
View file in browser |
Server sets Content-Disposition: inline |
41 |
Request with Attachment |
Force download |
Server sets Content-Disposition: attachment |
42 |
Request with Media Range |
Accept: image/* |
Server returns matching image type |
43 |
Request with Wildcard Type |
Accept: / |
Server returns default type |
44 |
Request with Quality Values |
Accept: text/html;q=0.8, application/json;q=1.0 |
Server returns JSON |
45 |
Request with Preflight CORS |
Use OPTIONS with content type |
Server responds with allowed types |
46 |
Request with Content-Encoding |
Use gzip encoding |
Server decompresses and responds |
47 |
Request with Transfer-Encoding |
Use chunked transfer |
Server streams content |
48 |
Request with Streaming Media |
Stream audio/video |
Server uses correct MIME |
49 |
Request with API Gateway |
API returns multiple types |
Based on request headers |
50 |
Request with Static File Server |
Serve static files |
MIME types correctly set |
Flexible methods - Testcases
# |
Test Case |
Description |
Expected Result |
|---|---|---|---|
1 |
Use GET Method |
Retrieve a resource |
Server returns resource |
2 |
Use POST Method |
Submit new data |
Server creates resource |
3 |
Use PUT Method |
Update existing resource |
Server updates resource |
4 |
Use DELETE Method |
Remove a resource |
Server deletes resource |
5 |
Use HEAD Method |
Request headers only |
Server returns headers |
6 |
Use OPTIONS Method |
Discover allowed methods |
Server returns allowed methods |
7 |
Use PATCH Method |
Partially update resource |
Server applies partial update |
8 |
Use TRACE Method |
Echo request |
Server returns request |
9 |
Use CONNECT Method |
Establish tunnel |
Server opens tunnel (e.g., for HTTPS) |
10 |
Use GET with Query Params |
Retrieve filtered data |
Server returns filtered results |
11 |
Use POST with JSON Body |
Submit structured data |
Server processes JSON |
12 |
Use PUT with ID in URL |
Update specific resource |
Server updates correct item |
13 |
Use DELETE with ID in URL |
Delete specific resource |
Server deletes correct item |
14 |
Use GET with Headers |
Include custom headers |
Server processes headers |
15 |
Use POST with Form Data |
Submit form |
Server processes form |
16 |
Use PUT with XML Body |
Update using XML |
Server parses and updates |
17 |
Use DELETE with Auth |
Authenticated delete |
Server validates and deletes |
18 |
Use GET with Caching |
Use If-Modified-Since |
Server returns 304 if unchanged |
19 |
Use POST with File Upload |
Upload file |
Server stores file |
20 |
Use PATCH with JSON Patch |
Apply JSON patch |
Server updates fields |
21 |
Use OPTIONS for CORS |
Preflight request |
Server returns CORS headers |
22 |
Use GET for Static File |
Request image or CSS |
Server returns file |
23 |
Use POST for Login |
Submit credentials |
Server returns token/session |
24 |
Use PUT for Profile Update |
Update user profile |
Server confirms update |
25 |
Use DELETE for Account |
Remove user account |
Server confirms deletion |
26 |
Use GET for Pagination |
Request page 2 |
Server returns correct page |
27 |
Use POST for Search |
Submit search query |
Server returns results |
28 |
Use PUT for Resource Creation |
Create with known ID |
Server creates or replaces |
29 |
Use DELETE for Batch |
Delete multiple items |
Server deletes all specified |
30 |
Use GET for Download |
Download file |
Server returns file stream |
31 |
Use POST for Payment |
Submit payment info |
Server processes transaction |
32 |
Use PUT for Settings |
Update user settings |
Server saves settings |
33 |
Use DELETE for Session |
Logout user |
Server ends session |
34 |
Use GET for Health Check |
Ping server |
Server returns 200 OK |
35 |
Use POST for Feedback |
Submit feedback form |
Server stores feedback |
36 |
Use PATCH for Status Update |
Update order status |
Server updates status |
37 |
Use OPTIONS for API Discovery |
Discover API methods |
Server lists supported methods |
38 |
Use GET for Redirect |
Request old URL |
Server returns 301/302 |
39 |
Use POST for Registration |
Create new user |
Server returns user ID |
40 |
Use PUT for Password Reset |
Update password |
Server confirms change |
41 |
Use DELETE for File |
Remove uploaded file |
Server deletes file |
42 |
Use GET for JSON Response |
Request API data |
Server returns JSON |
43 |
Use POST for Webhook |
Trigger webhook |
Server processes event |
44 |
Use PUT for Resource Sync |
Sync external data |
Server updates resource |
45 |
Use DELETE for Expired Data |
Clean up old records |
Server confirms deletion |
46 |
Use GET with Accept Header |
Request specific format |
Server returns correct MIME type |
47 |
Use POST with Multipart Data |
Upload multiple files |
Server processes all parts |
48 |
Use PATCH with Auth |
Authenticated partial update |
Server applies changes |
49 |
Use OPTIONS with Auth |
Discover methods with token |
Server returns allowed methods |
50 |
Use GET with Rate Limiting |
Exceed request limit |
Server returns 429 Too Many Requests |
Resource Identification - Testcases
# |
Test Case |
Description |
Expected Result |
|---|---|---|---|
1 |
Access Resource by URL |
Enter full URL in browser |
Correct resource loads |
2 |
Access Resource by Path |
Use /products/123 |
Specific product is returned |
3 |
Access Resource by Query String |
Use ?id=456 |
Server returns matching resource |
4 |
Access Resource by Fragment |
Use #section2 |
Browser scrolls to section |
5 |
Access Resource by Subdomain |
Use api.example.com |
API endpoint responds |
6 |
Access Resource by Port |
Server responds on custom port |
|
7 |
Access Resource by Protocol |
Use https:// |
Secure connection established |
8 |
Access Resource by IP Address |
Server responds |
|
9 |
Access Resource by Domain Name |
Homepage loads |
|
10 |
Access Resource by File Extension |
Use .html, .json, etc. |
Correct MIME type returned |
11 |
Access Resource by RESTful URL |
Use /users/42/posts |
Server returns users posts |
12 |
Access Resource by Slug |
Use /blog/how-to-code |
Blog post loads |
13 |
Access Resource by UUID |
Use /items/550e8400-e29b-41d4-a716-446655440000 |
Unique item returned |
14 |
Access Resource by Date |
Use /archive/2025/07/04 |
Archive for date loads |
15 |
Access Resource by Language |
Use /en/about |
English version loads |
16 |
Access Resource by Version |
Use /v1/users |
API version 1 responds |
17 |
Access Resource by File Name |
Use /files/report.pdf |
PDF file downloads |
18 |
Access Resource by Category |
Use /products/electronics |
Electronics category loads |
19 |
Access Resource by Tag |
Use /tags/javascript |
Tagged content loads |
20 |
Access Resource by Pagination |
Use /page/3 |
Page 3 of results loads |
21 |
Access Resource by Filter |
Use /products?color=red |
Filtered results shown |
22 |
Access Resource by Sort Order |
Use /products?sort=price_asc |
Sorted list returned |
23 |
Access Resource by Search Term |
Use /search?q=shoes |
Search results shown |
24 |
Access Resource by User ID |
Use /users/101 |
User profile loads |
25 |
Access Resource by Session ID |
Use /session/abc123 |
Session data returned |
26 |
Access Resource by Token |
Use /reset-password?token=xyz |
Password reset page loads |
27 |
Access Resource by File Path |
Use /assets/images/logo.png |
Image loads |
28 |
Access Resource by Environment |
Use /dev/api |
Development API responds |
29 |
Access Resource by Region |
Use /us/products |
US-specific content shown |
30 |
Access Resource by Device Type |
Use /mobile/home |
Mobile version loads |
31 |
Access Resource by Media Type |
Use /media/video.mp4 |
Video plays |
32 |
Access Resource by Time Range |
Use /logs?start=10:00&end=12:00 |
Logs for time range shown |
33 |
Access Resource by Role |
Use /admin/dashboard |
Admin dashboard loads |
34 |
Access Resource by Status |
Use /orders?status=shipped |
Shipped orders listed |
35 |
Access Resource by Country Code |
Use /in/news |
India-specific news shown |
36 |
Access Resource by Currency |
Use /prices?currency=USD |
Prices in USD shown |
37 |
Access Resource by Theme |
Use /theme/dark |
Dark theme applied |
38 |
Access Resource by Format |
Use /data.xml |
XML data returned |
39 |
Access Resource by MIME Type |
Use Accept: application/json |
JSON returned |
40 |
Access Resource by Content ID |
Use /content/789 |
Specific content loads |
41 |
Access Resource by API Key |
Use /api/data?key=abc123 |
Data returned if key valid |
42 |
Access Resource by Referral |
Use /referral?code=invite123 |
Referral page loads |
43 |
Access Resource by Campaign |
Use /promo?campaign=summer25 |
Promo content shown |
44 |
Access Resource by Feature Flag |
Use /features/new-ui |
New UI loads |
45 |
Access Resource by Locale |
Use /fr/contact |
French contact page loads |
46 |
Access Resource by Device ID |
Use /device/xyz789 |
Device info returned |
47 |
Access Resource by Browser Type |
Use /browser/chrome |
Chrome-specific content shown |
48 |
Access Resource by Timezone |
Use /timezone/IST |
IST-based data shown |
49 |
Access Resource by Subscription |
Use /premium/content |
Premium content loads |
50 |
Access Resource by Custom Alias |
Use /go/launch |
Redirects to target URL |
Extensible Headers - Testcases
# |
Test Case |
Description |
Expected Result |
|---|---|---|---|
1 |
Use Custom Header |
Send X-Custom-Header |
Server receives and logs header |
2 |
Use Correlation ID Header |
Send X-Correlation-ID |
Server logs request ID |
3 |
Use Request ID Header |
Send X-Request-ID |
Server traces request |
4 |
Use Client Version Header |
Send X-Client-Version |
Server adapts response |
5 |
Use Feature Flag Header |
Send X-Feature-Flag: new-ui |
Server enables feature |
6 |
Use API Version Header |
Send X-API-Version: v2 |
Server routes to v2 |
7 |
Use Locale Header |
Send X-Locale: en-IN |
Server returns localized content |
8 |
Use Device ID Header |
Send X-Device-ID |
Server identifies device |
9 |
Use Platform Header |
Send X-Platform: Android |
Server customizes response |
10 |
Use App ID Header |
Send X-App-ID |
Server identifies application |
11 |
Use Auth Token Header |
Send X-Auth-Token |
Server authenticates request |
12 |
Use Session Token Header |
Send X-Session-Token |
Server validates session |
13 |
Use User Role Header |
Send X-User-Role: admin |
Server applies permissions |
14 |
Use Debug Mode Header |
Send X-Debug: true |
Server includes debug info |
15 |
Use Trace Header |
Send X-Trace: true |
Server enables tracing |
16 |
Use Retry Count Header |
Send X-Retry-Count: 2 |
Server logs retry attempt |
17 |
Use Client Time Header |
Send X-Client-Time |
Server logs client timestamp |
18 |
Use Timezone Header |
Send X-Timezone: IST |
Server adjusts time data |
19 |
Use Experiment Header |
Send X-Experiment: A |
Server assigns test group |
20 |
Use Request Source Header |
Send X-Source: mobile-app |
Server logs source |
21 |
Use Request Purpose Header |
Send X-Purpose: prefetch |
Server optimizes response |
22 |
Use Forwarded-For Header |
Send X-Forwarded-For |
Server logs original IP |
23 |
Use Rate Limit Header |
Server sends X-RateLimit-Remaining |
Client adjusts requests |
24 |
Use Retry-After Header |
Server sends Retry-After |
Client waits before retry |
25 |
Use Deprecation Header |
Server sends Deprecation: true |
Client warns user |
26 |
Use Warning Header |
Server sends Warning |
Client displays caution |
27 |
Use Custom Content-Type |
Send Content-Type: application/x-custom |
Server parses correctly |
28 |
Use Custom Accept Header |
Send Accept: application/x-custom |
Server returns custom format |
29 |
Use Custom Cache-Control |
Send X-Cache-Control: no-store |
Server disables caching |
30 |
Use Custom User-Agent |
Send User-Agent: MyApp/1.0 |
Server logs client info |
31 |
Use Custom Referrer |
Send Referer: custom-page |
Server logs source page |
32 |
Use Custom Origin |
Send Origin: custom-origin.com |
Server applies CORS rules |
33 |
Use Custom Authorization |
Send Authorization: Custom xyz |
Server authenticates |
34 |
Use Custom Cookie Header |
Send Cookie: session=abc |
Server reads session |
35 |
Use Custom Response Header |
Server sends X-Server-Region |
Client logs region |
36 |
Use Custom Error Code Header |
Server sends X-Error-Code |
Client handles error |
37 |
Use Custom Retry Header |
Server sends X-Retry-After |
Client delays retry |
38 |
Use Custom Logging Header |
Send X-Log-Level: debug |
Server logs in debug mode |
39 |
Use Custom Compression Header |
Send X-Compression: brotli |
Server compresses accordingly |
40 |
Use Custom Encryption Header |
Send X-Encryption: AES256 |
Server decrypts payload |
41 |
Use Custom Signature Header |
Send X-Signature |
Server verifies signature |
42 |
Use Custom Metadata Header |
Send X-Metadata: key=value |
Server stores metadata |
43 |
Use Custom Language Header |
Send X-Language: en |
Server returns localized content |
44 |
Use Custom Theme Header |
Send X-Theme: dark |
Server applies theme |
45 |
Use Custom Device Type Header |
Send X-Device-Type: tablet |
Server adjusts layout |
46 |
Use Custom Session Expiry Header |
Server sends X-Session-Expires-In |
Client handles timeout |
47 |
Use Custom Notification Header |
Server sends X-Notification: alert |
Client shows alert |
48 |
Use Custom Analytics Header |
Send X-Analytics-ID |
Server logs for analytics |
49 |
Use Custom Consent Header |
Send X-Consent: granted |
Server processes consent |
50 |
Use Custom Feature Toggle Header |
Send X-Feature-Toggle: beta |
Server enables beta feature |
Caching support - Testcases
# |
Test Case |
Description |
Expected Result |
|---|---|---|---|
1 |
Use Cache-Control: public |
Allow caching by any cache |
Response is cached |
2 |
Use Cache-Control: private |
Allow caching by client only |
Response cached by browser |
3 |
Use Cache-Control: no-cache |
Force revalidation |
Cache revalidates before use |
4 |
Use Cache-Control: no-store |
Prevent caching |
Response not stored |
5 |
Use Cache-Control: max-age |
Set cache duration |
Response cached for specified time |
6 |
Use Cache-Control: must-revalidate |
Require revalidation after expiry |
Cache checks with server |
7 |
Use Cache-Control: proxy-revalidate |
Require proxy to revalidate |
Proxy revalidates before reuse |
8 |
Use Cache-Control: s-maxage |
Set max-age for shared caches |
CDN caches for specified time |
9 |
Use ETag Header |
Send entity tag |
Server uses it for validation |
10 |
Use If-None-Match Header |
Send ETag in request |
Server returns 304 if unchanged |
11 |
Use Last-Modified Header |
Send last modified date |
Server uses it for validation |
12 |
Use If-Modified-Since Header |
Send date in request |
Server returns 304 if not modified |
13 |
Use Expires Header |
Set expiration date |
Response cached until expiry |
14 |
Use Vary Header |
Cache based on headers |
Separate cache entries created |
15 |
Use Vary: Accept-Encoding |
Cache gzip and non-gzip separately |
Correct version served |
16 |
Use Vary: User-Agent |
Cache per browser |
Browser-specific responses cached |
17 |
Use Vary: Accept-Language |
Cache per language |
Language-specific content served |
18 |
Use Conditional GET |
Use ETag or Last-Modified |
Server returns 304 if valid |
19 |
Use CDN Caching |
Cache at edge servers |
Faster delivery |
20 |
Use Browser Caching |
Cache in browser |
Faster repeat visits |
21 |
Use Proxy Caching |
Cache at proxy server |
Reduces server load |
22 |
Use Service Worker Caching |
Cache via service worker |
Offline access enabled |
23 |
Use Static File Caching |
Cache CSS/JS/images |
Static assets load faster |
24 |
Use Dynamic Content Caching |
Cache API responses |
Reduces backend load |
25 |
Use Cache Invalidation |
Update cache after change |
New content served |
26 |
Use Cache Busting |
Add version to URL |
Forces fresh fetch |
27 |
Use Preload Header |
Hint browser to cache early |
Resource preloaded |
28 |
Use Prefetch Header |
Hint browser to prefetch |
Resource fetched in advance |
29 |
Use Pragma: no-cache |
Legacy no-cache directive |
Response not cached |
30 |
Use 304 Not Modified |
Server returns 304 |
Client uses cached version |
31 |
Use 200 OK with Cache Headers |
Server returns fresh content |
Cache updated |
32 |
Use HEAD Request for Validation |
Check headers only |
Cache validated |
33 |
Use Cache-Control with HTML |
Cache HTML page |
Page loads faster |
34 |
Use Cache-Control with JSON |
Cache API response |
JSON reused |
35 |
Use Cache-Control with Images |
Cache image files |
Images load from cache |
36 |
Use Cache-Control with Fonts |
Cache font files |
Fonts load quickly |
37 |
Use Cache-Control with Video |
Cache video segments |
Smooth playback |
38 |
Use Cache-Control with Audio |
Cache audio files |
Audio plays without delay |
39 |
Use Cache-Control with PDF |
Cache document |
PDF opens instantly |
40 |
Use Cache-Control with Redirect |
Cache redirect response |
Redirect reused |
41 |
Use Cache-Control with 404 |
Cache not found response |
Reduces repeated lookups |
42 |
Use Cache-Control with 500 |
Avoid caching server errors |
Response not cached |
43 |
Use Cache-Control with Login Page |
Prevent caching |
Sensitive data protected |
44 |
Use Cache-Control with Logout |
Prevent caching |
Session cleared |
45 |
Use Cache-Control with Search Results |
Cache short-term |
Results load faster |
46 |
Use Cache-Control with Pagination |
Cache each page separately |
Navigation is fast |
47 |
Use Cache-Control with Language Switch |
Cache per language |
Correct version served |
48 |
Use Cache-Control with Theme Switch |
Cache per theme |
Correct style applied |
49 |
Use Cache-Control with Device Type |
Cache per device |
Optimized content served |
50 |
Use Cache-Control with User Role |
Cache per role |
Role-specific content served |
Secure Communication - Testcases
# |
Test Case |
Description |
Expected Result |
|---|---|---|---|
1 |
Access HTTPS Website |
Open https://example.com |
Secure connection established |
2 |
Use HTTPS with Valid Certificate |
Server uses trusted SSL cert |
Browser shows secure padlock |
3 |
Use HTTPS with Self-Signed Certificate |
Server uses self-signed cert |
Browser shows warning |
4 |
Use HTTPS with Expired Certificate |
Certificate is expired |
Browser blocks access |
5 |
Use HTTPS with Revoked Certificate |
Certificate is revoked |
Browser shows error |
6 |
Use HTTPS with Mismatched Domain |
Cert domain request domain |
Browser shows warning |
7 |
Use HTTPS with TLS 1.2 |
Server supports TLS 1.2 |
Connection succeeds |
8 |
Use HTTPS with TLS 1.3 |
Server supports TLS 1.3 |
Connection succeeds |
9 |
Use HTTPS with Weak Cipher |
Server uses outdated cipher |
Browser warns or blocks |
10 |
Use HTTPS with Strong Cipher |
Server uses AES-256 |
Secure connection established |
11 |
Use HTTPS with HSTS |
Server sends HSTS header |
Browser enforces HTTPS |
12 |
Use HTTPS with Redirect from HTTP |
HTTP redirects to HTTPS |
Secure connection established |
13 |
Use HTTPS with Secure Cookies |
Cookies marked Secure |
Sent only over HTTPS |
14 |
Use HTTPS with Secure Headers |
Server sends Strict-Transport-Security |
Browser enforces HTTPS |
15 |
Use HTTPS with Content Security Policy |
Server sends CSP header |
Browser enforces policy |
16 |
Use HTTPS with CORS |
Cross-origin request over HTTPS |
Server responds with CORS headers |
17 |
Use HTTPS with Authentication |
Login over HTTPS |
Credentials encrypted |
18 |
Use HTTPS with API |
Call REST API over HTTPS |
Data transmitted securely |
19 |
Use HTTPS with WebSocket |
Use wss:// |
Secure WebSocket connection |
20 |
Use HTTPS with CDN |
Content served via HTTPS |
Secure delivery |
21 |
Use HTTPS with Load Balancer |
HTTPS terminates at load balancer |
Secure connection maintained |
22 |
Use HTTPS with Reverse Proxy |
Proxy handles HTTPS |
Secure connection established |
23 |
Use HTTPS with Mobile App |
App connects via HTTPS |
Data encrypted |
24 |
Use HTTPS with Desktop App |
App uses HTTPS for API |
Secure communication |
25 |
Use HTTPS with IoT Device |
Device sends data via HTTPS |
Data encrypted |
26 |
Use HTTPS with Browser Extension |
Extension uses HTTPS |
Secure data exchange |
27 |
Use HTTPS with CLI Tool |
Use curl/wget with HTTPS |
Secure download |
28 |
Use HTTPS with Certificate Pinning |
Client validates cert fingerprint |
Prevents MITM attacks |
29 |
Use HTTPS with Mutual TLS |
Client and server authenticate |
Secure two-way connection |
30 |
Use HTTPS with OCSP Stapling |
Server provides OCSP response |
Faster cert validation |
31 |
Use HTTPS with SNI |
Multiple domains on one IP |
Correct cert served |
32 |
Use HTTPS with IPv6 |
Connect via https://[IPv6] |
Secure connection established |
33 |
Use HTTPS with IPv4 |
Connect via https://IP |
Secure connection established |
34 |
Use HTTPS with DNS over HTTPS (DoH) |
Resolve DNS securely |
DNS queries encrypted |
35 |
Use HTTPS with TLS Session Resumption |
Reuse session |
Faster handshake |
36 |
Use HTTPS with Forward Secrecy |
Use ephemeral keys |
Past sessions safe |
37 |
Use HTTPS with Encrypted SNI |
Hide domain in handshake |
Prevents SNI leaks |
38 |
Use HTTPS with Certificate Transparency |
Cert logged in CT logs |
Increases trust |
39 |
Use HTTPS with Monitoring Tool |
Monitor HTTPS traffic |
Valid cert and cipher shown |
40 |
Use HTTPS with Logging Tool |
Log HTTPS requests |
Sensitive data encrypted |
41 |
Use HTTPS with Rate Limiting |
Apply limits over HTTPS |
Limits enforced securely |
42 |
Use HTTPS with CDN Edge Node |
Connect to nearest secure node |
Fast and secure delivery |
43 |
Use HTTPS with Static Site |
Serve static files securely |
Files load over HTTPS |
44 |
Use HTTPS with Dynamic Site |
Serve dynamic content |
Secure connection |
45 |
Use HTTPS with Payment Gateway |
Submit payment info |
Data encrypted |
46 |
Use HTTPS with OAuth |
Token exchange over HTTPS |
Tokens protected |
47 |
Use HTTPS with SSO |
Single sign-on via HTTPS |
Secure authentication |
48 |
Use HTTPS with Email API |
Send email via HTTPS |
Secure transmission |
49 |
Use HTTPS with File Upload |
Upload files securely |
Data encrypted in transit |
50 |
Use HTTPS with File Download |
Download files securely |
Data encrypted in transit |
Persistent Connections - Testcases
# |
Test Case |
Description |
Expected Result |
|---|---|---|---|
1 |
Use HTTP/1.1 Default Keep-Alive |
Send multiple requests |
Connection reused |
2 |
Use Connection: keep-alive Header |
Explicitly request persistent connection |
Connection stays open |
3 |
Use Connection: close Header |
Request connection closure |
Connection closed after response |
4 |
Send Multiple GET Requests |
Use same connection |
All responses received over one connection |
5 |
Send Multiple POST Requests |
Use same connection |
Server processes all without reconnecting |
6 |
Mix GET and POST Requests |
Use persistent connection |
All requests succeed |
7 |
Use Persistent Connection with API |
Call multiple endpoints |
Single connection used |
8 |
Use Persistent Connection with CDN |
Fetch multiple assets |
Connection reused |
9 |
Use Persistent Connection with Browser |
Load page with many resources |
Fewer TCP handshakes |
10 |
Use Persistent Connection with Proxy |
Proxy maintains connection |
Efficient routing |
11 |
Use Persistent Connection with Load Balancer |
Load balancer supports reuse |
Connection reused |
12 |
Use Persistent Connection with HTTPS |
Secure connection reused |
TLS session maintained |
13 |
Use Persistent Connection with HTTP/2 |
Multiplexed streams |
All over one connection |
14 |
Use Persistent Connection with HTTP/3 |
QUIC protocol |
Connection reused |
15 |
Use Persistent Connection with WebSocket Upgrade |
Upgrade to WebSocket |
Connection persists |
16 |
Use Persistent Connection with Keep-Alive Timeout |
Server sets timeout |
Connection closes after timeout |
17 |
Use Persistent Connection with Idle Timeout |
No activity for duration |
Connection closed |
18 |
Use Persistent Connection with Pipelining |
Send multiple requests without waiting |
Responses returned in order |
19 |
Use Persistent Connection with Chunked Transfer |
Stream large response |
Connection remains open |
20 |
Use Persistent Connection with File Download |
Download multiple files |
One connection used |
21 |
Use Persistent Connection with Image Gallery |
Load multiple images |
Fewer connections |
22 |
Use Persistent Connection with CSS/JS |
Load styles and scripts |
Reused connection |
23 |
Use Persistent Connection with Font Files |
Load fonts |
Connection reused |
24 |
Use Persistent Connection with Video Segments |
Stream video chunks |
Smooth playback |
25 |
Use Persistent Connection with Audio Streaming |
Stream audio |
No reconnection needed |
26 |
Use Persistent Connection with JSON API |
Fetch multiple JSON responses |
One connection |
27 |
Use Persistent Connection with XML API |
Fetch XML data |
Connection reused |
28 |
Use Persistent Connection with Authentication |
Authenticated session |
Connection persists |
29 |
Use Persistent Connection with Session Cookies |
Maintain session |
No new connection |
30 |
Use Persistent Connection with Token Auth |
Use bearer token |
Connection reused |
31 |
Use Persistent Connection with Retry Logic |
Retry on failure |
Same connection reused if alive |
32 |
Use Persistent Connection with Redirects |
Follow redirects |
Connection reused if possible |
33 |
Use Persistent Connection with Caching |
Fetch cached and fresh data |
Connection reused |
34 |
Use Persistent Connection with Compression |
Gzip responses |
Connection reused |
35 |
Use Persistent Connection with CDN Prefetch |
Prefetch resources |
One connection |
36 |
Use Persistent Connection with Analytics |
Send multiple events |
One connection |
37 |
Use Persistent Connection with Monitoring Tool |
Poll server repeatedly |
No reconnect needed |
38 |
Use Persistent Connection with Logging Tool |
Send logs in batches |
Connection reused |
39 |
Use Persistent Connection with IoT Device |
Send periodic data |
Connection remains open |
40 |
Use Persistent Connection with Mobile App |
Fetch multiple screens |
One connection |
41 |
Use Persistent Connection with Desktop App |
Load dashboard data |
Reused connection |
42 |
Use Persistent Connection with SPA |
Single-page app fetches data |
No reconnects |
43 |
Use Persistent Connection with Pagination |
Fetch multiple pages |
One connection |
44 |
Use Persistent Connection with Search Suggestions |
Send keystroke queries |
Connection reused |
45 |
Use Persistent Connection with Chat App |
Send/receive messages |
Persistent connection |
46 |
Use Persistent Connection with Real-Time Feed |
Stream updates |
Connection stays open |
47 |
Use Persistent Connection with Batch Upload |
Upload multiple files |
One connection |
48 |
Use Persistent Connection with Batch Download |
Download multiple files |
One connection |
49 |
Use Persistent Connection with API Gateway |
Gateway maintains connection |
Efficient routing |
50 |
Use Persistent Connection with Reverse Proxy |
Proxy reuses connection |
Backend load reduced |
Proxy and Gateway support - Testcases
# |
Test Case |
Description |
Expected Result |
|---|---|---|---|
1 |
Access HTTP via Forward Proxy |
Route request through proxy |
Server receives request via proxy |
2 |
Access HTTPS via Forward Proxy |
Use CONNECT method |
Secure tunnel established |
3 |
Access HTTP via Reverse Proxy |
Reverse proxy forwards request |
Backend server responds |
4 |
Access HTTPS via Reverse Proxy |
TLS terminates at proxy |
Secure connection maintained |
5 |
Use Transparent Proxy |
Proxy intercepts without config |
Request routed successfully |
6 |
Use Anonymous Proxy |
Proxy hides client IP |
Server sees proxy IP |
7 |
Use High Anonymity Proxy |
Proxy hides both IP and proxy use |
Server unaware of proxy |
8 |
Use Proxy with Authentication |
Proxy requires credentials |
Authenticated access granted |
9 |
Use Proxy with IP Whitelisting |
Only allowed IPs can connect |
Unauthorized IPs blocked |
10 |
Use Proxy with Rate Limiting |
Limit requests per IP |
Excess requests blocked |
11 |
Use Proxy with Caching |
Proxy caches responses |
Faster repeated access |
12 |
Use Proxy with Load Balancing |
Distribute requests across servers |
Load evenly distributed |
13 |
Use Proxy with SSL Offloading |
Proxy handles TLS |
Backend receives plain HTTP |
14 |
Use Proxy with Content Filtering |
Block specific URLs |
Access denied |
15 |
Use Proxy with Header Injection |
Add headers at proxy |
Server receives modified request |
16 |
Use Proxy with Header Removal |
Strip headers |
Server receives clean request |
17 |
Use Proxy with URL Rewriting |
Modify request path |
Server receives rewritten URL |
18 |
Use Proxy with Path-Based Routing |
Route based on URL path |
Correct backend selected |
19 |
Use Proxy with Host-Based Routing |
Route based on hostname |
Correct backend selected |
20 |
Use Proxy with Geo-Based Routing |
Route based on location |
Nearest server selected |
21 |
Use Proxy with Protocol Translation |
Convert HTTP to HTTPS |
Secure backend communication |
22 |
Use Proxy with WebSocket Upgrade |
Support Upgrade: websocket |
WebSocket connection established |
23 |
Use Proxy with API Gateway |
Route API calls |
Gateway forwards to services |
24 |
Use Proxy with Service Mesh |
Internal routing via proxy |
Microservices communicate securely |
25 |
Use Proxy with CDN |
Serve static content |
CDN edge responds |
26 |
Use Proxy with DNS Resolution |
Proxy resolves domain |
Correct IP used |
27 |
Use Proxy with Logging |
Log all HTTP traffic |
Logs contain request/response data |
28 |
Use Proxy with Monitoring |
Monitor traffic metrics |
Dashboard shows live data |
29 |
Use Proxy with Security Scanning |
Inspect traffic for threats |
Malicious requests blocked |
30 |
Use Proxy with DDoS Protection |
Filter excessive traffic |
Attack mitigated |
31 |
Use Proxy with Firewall |
Enforce access rules |
Unauthorized access blocked |
32 |
Use Proxy with NAT Gateway |
Translate IP addresses |
Internal IPs hidden |
33 |
Use Proxy with Cloud Gateway |
Route through cloud provider |
Cloud backend responds |
34 |
Use Proxy with VPN |
Tunnel traffic through VPN |
Proxy routes securely |
35 |
Use Proxy with IPv6 |
Route IPv6 traffic |
Connection succeeds |
36 |
Use Proxy with IPv4 |
Route IPv4 traffic |
Connection succeeds |
37 |
Use Proxy with Dual Stack |
Handle both IPv4 and IPv6 |
Requests routed correctly |
38 |
Use Proxy with TLS Inspection |
Decrypt and inspect HTTPS |
Security policies enforced |
39 |
Use Proxy with SNI Routing |
Route based on TLS SNI |
Correct backend selected |
40 |
Use Proxy with Mutual TLS |
Authenticate client and server |
Secure connection established |
41 |
Use Proxy with Session Persistence |
Maintain session affinity |
Requests routed to same server |
42 |
Use Proxy with Health Checks |
Monitor backend health |
Unhealthy servers skipped |
43 |
Use Proxy with Failover |
Switch to backup server |
Service remains available |
44 |
Use Proxy with Retry Logic |
Retry failed requests |
Request eventually succeeds |
45 |
Use Proxy with Compression |
Compress responses |
Faster delivery |
46 |
Use Proxy with Decompression |
Decompress before forwarding |
Backend receives plain data |
47 |
Use Proxy with Custom Headers |
Add X-Forwarded-For |
Server sees client IP |
48 |
Use Proxy with Access Control |
Restrict by user or role |
Unauthorized access blocked |
49 |
Use Proxy with Logging Masking |
Mask sensitive data |
Logs are secure |
50 |
Use Proxy with Analytics |
Track usage patterns |
Insights generated |
Reference links