StatusCodeFYI

HTTP Concepts (20)

API Design (20)

Understand API rate limiting — control request volume per time window to prevent abuse and ensure fair resource allocation.

Pagination

Learn API pagination patterns — cursor-based and offset-based approaches for efficiently retrieving large datasets in subsets.

API Versioning

Discover API versioning strategies — URL path, header, and query parameter approaches for evolving APIs without breaking existing clients.

Content-Type

Learn about the HTTP Content-Type header — how it signals the media type of a request or response body for correct parsing.

Accept Header

Understand the HTTP Accept header — how clients signal preferred media types to enable server-driven content negotiation.

HATEOAS

Learn HATEOAS — the REST constraint where API responses include hypermedia links so clients can dynamically discover available actions.

Idempotency Key

Understand idempotency keys — unique request identifiers that prevent duplicate side effects when retrying API calls in payment systems.

Webhook

Learn about webhooks — event-driven HTTP callbacks that push real-time notifications to your URL instead of requiring polling.

API Gateway

Discover API gateways — single entry points that handle routing, rate limiting, authentication, and load balancing for backend services.

OpenAPI Specification

Learn about the OpenAPI Specification — the standard format for describing RESTful API endpoints, schemas, and authentication methods.

GraphQL Query

Understand GraphQL queries — fetch exactly the fields you need in one request, eliminating over-fetching and under-fetching problems.

REST Constraints

Learn the six REST constraints — client-server, stateless, cacheable, uniform interface, layered system, and code-on-demand.

API Throttling

Understand API throttling — queue or reject excess requests to protect backend services from overload and ensure stable performance.

Request Body

Learn about HTTP request bodies — the data payload in POST, PUT, and PATCH requests used to create or update server resources.

Response Body

Understand HTTP response bodies — the payload returned by servers containing resources, error details, or action results.

SDK (Software Development Kit)

Learn what an SDK is in API development. Understand how SDKs simplify integration by wrapping HTTP or gRPC calls with language-native libraries.

API Deprecation

Understand API deprecation — how to sunset endpoints gracefully using Sunset and Deprecation headers, versioning strategy, and migration timelines.

Bulk Operations

Learn about bulk operations in API design — batch create, update, or delete multiple resources in a single HTTP request to minimize costly round trips.

Hypermedia

Learn what hypermedia means in REST APIs. Understand how embedding links and controls in responses enables client discovery and HATEOAS compliance.

JSON:API

Learn about the JSON:API specification — a standard for structuring JSON responses, relationships, pagination, and error formats in REST APIs.

Security (20)

TLS Handshake

How does a TLS handshake work? Learn about the process of establishing encrypted connections, certificate verification, and TLS 1.3 improvements.

TLS Certificate (SSL Certificate)

What is a TLS/SSL certificate? Learn about digital certificates, Certificate Authorities, and how they enable HTTPS.

CORS (Cross-Origin Resource Sharing)

Understand CORS — Cross-Origin Resource Sharing. Learn how browsers enforce same-origin policy and how servers allow cross-domain requests.

Cipher Suite

What is a cipher suite? Learn about the cryptographic algorithm combinations used in TLS connections for key exchange, encryption, and integrity.

Authentication

HTTP authentication explained — Basic, Bearer, Digest schemes. Understand 401 vs 403 and how authentication works in web protocols.

XSS (Cross-Site Scripting)

What is XSS? Learn about Cross-Site Scripting attacks — stored, reflected, and DOM-based — and defenses like CSP and output encoding.

CSRF (Cross-Site Request Forgery)

What is CSRF? Learn about Cross-Site Request Forgery attacks, how cookies enable them, and defenses like CSRF tokens and SameSite.

SQL Injection

What is SQL injection? Learn how attackers exploit unsanitized inputs to manipulate databases, and how to prevent it.

HSTS (HTTP Strict Transport Security)

What is HSTS? Learn how Strict-Transport-Security forces HTTPS connections and protects against downgrade attacks.

CSP (Content Security Policy)

What is CSP? Learn how Content Security Policy headers prevent XSS attacks by controlling which resources browsers can load.

OAuth 2.0

What is OAuth 2.0? Learn about authorization grant types, access tokens, and how third-party apps access resources securely.

JWT (JSON Web Token)

What is a JWT? Learn about JSON Web Tokens — header, payload, signature structure and use in API authentication.

API Key

Learn about API keys — unique identifiers for authenticating API requests, and how they compare to OAuth for security.

Bearer Token

Understand Bearer tokens — opaque access tokens in the Authorization header that grant access to protected API resources.

Mutual TLS (mTLS)

Learn Mutual TLS (mTLS) — bidirectional certificate authentication where both client and server verify each other's identity.

Rate Limit Bypass

Discover rate limit bypass techniques — IP rotation, header manipulation, and distributed attacks, plus countermeasures to prevent them.

Same-Origin Policy

Learn the Same-Origin Policy — the browser security mechanism that restricts cross-origin resource access and forms the foundation of CORS.

Clickjacking

Learn what clickjacking is and how to prevent it using the X-Frame-Options header and Content Security Policy frame-ancestors directive in HTTP.

SSRF (Server-Side Request Forgery)

Understand SSRF (Server-Side Request Forgery) — how attackers abuse server URL fetching to access internal services and how to prevent the attack.

Security Headers

Learn about HTTP security headers — CSP, HSTS, X-Frame-Options, and X-Content-Type-Options that protect web applications from common attacks.

Networking (20)

TCP/IP

TCP/IP fundamentals — how the internet's core protocol suite provides reliable data delivery and packet routing for HTTP, SMTP, and other protocols.

Three-Way Handshake

How does a TCP three-way handshake work? Learn about SYN, SYN-ACK, ACK and how connections are established before HTTP requests begin.

Port Number

What are port numbers? Learn about well-known ports (80, 443, 25, 53) and how they identify network services.

Latency

What is network latency? Learn how delay affects HTTP requests, what causes timeouts (408, 504), and how CDNs reduce latency.

Timeout

Understand network timeouts — connection, read, and gateway timeouts. Learn about HTTP 408 and 504 timeout status codes.

Load Balancer

What is a load balancer? Learn about L4/L7 load balancing, traffic distribution, and related errors like 502 Bad Gateway.

Reverse Proxy

Understand reverse proxies — how Nginx, HAProxy, and CDNs sit between clients and servers, and what causes 502/503/504 errors.

NAT (Network Address Translation)

What is NAT? Learn how Network Address Translation maps private to public IPs and why it complicates peer-to-peer protocols.

Firewall

What is a firewall? Learn about packet filtering, stateful inspection, and WAFs that control network traffic and protect services.

Proxy Server (Forward Proxy)

What is a proxy server? Learn how forward proxies work, differ from reverse proxies, and enable caching and access control.

DNS over HTTPS (DoH)

What is DNS over HTTPS (DoH)? Learn how encrypted DNS queries improve privacy by tunneling through HTTPS on port 443.

IPv6

What is IPv6? Learn about 128-bit addresses, why IPv6 replaces IPv4, and how AAAA records enable the transition.

Subnet (Subnetwork)

What is a subnet? Learn about IP subnetting, CIDR notation, subnet masks, and how networks are divided for performance and security.

Connection Pooling

Understand connection pooling — reuse existing network connections to reduce latency and resource consumption in high-traffic applications.

TCP Reset (RST)

Learn about TCP Reset (RST) — how connections are abruptly terminated by firewalls, port scanners, or application errors.

MTU (Maximum Transmission Unit)

Discover MTU (Maximum Transmission Unit) — the largest packet size a network link can carry, typically 1500 bytes for Ethernet connections.

Socket

Learn about network sockets — IP address and port number endpoints that form the foundation of all network protocol communication.

UDP (User Datagram Protocol)

Learn what UDP is and how it differs from TCP. Understand why DNS, WebRTC, and QUIC choose UDP for low-latency connectionless datagram delivery.

Bandwidth

Understand bandwidth in networking — the difference between bandwidth and throughput, and how API design choices affect data transfer rates.

DNS Lookup

Learn how DNS lookup works — the full recursive query process that resolves hostnames to IP addresses and its measurable impact on connection latency.

Caching & Performance (20)

Cache-Control

Master HTTP Cache-Control headers — max-age, no-cache, no-store, public, private. Learn how caching directives improve performance.

ETag (Entity Tag)

What is an ETag? Learn about HTTP entity tags for conditional requests and how 304 Not Modified saves bandwidth.

CDN (Content Delivery Network)

What is a CDN? Learn how Content Delivery Networks cache content globally to reduce latency and improve website performance.

Stale-While-Revalidate

What is stale-while-revalidate? Learn how this Cache-Control directive serves stale content instantly while refreshing in the background.

Cache Invalidation

What is cache invalidation? Learn strategies for keeping cached content fresh — expiration, versioning, purging, and tag-based approaches.

Edge Caching

What is edge caching? Learn how CDN edge servers cache content near users to reduce latency and origin server load.

Last-Modified

Learn about the HTTP Last-Modified header — how it enables conditional requests and cache validation with If-Modified-Since.

Vary Header

Understand the HTTP Vary header — tell caches which request headers affect the response to ensure correct per-variant caching.

Cache Busting

Discover cache busting techniques — force browsers and CDNs to fetch fresh content using URL query strings, content hashes, or versioned filenames.

HTTP Compression

Learn HTTP compression — reduce response sizes with gzip, Brotli, or zstd using Accept-Encoding and Content-Encoding headers.

Prefetching

Understand browser prefetching — proactively fetch future navigation resources using rel=prefetch or Link headers to speed up browsing.

Time to First Byte (TTFB)

Learn about TTFB (Time to First Byte) — a key HTTP performance metric measuring server processing speed from request to first response byte.

Connection Reuse

Discover HTTP connection reuse — send multiple requests over one TCP connection via keep-alive or HTTP/2 multiplexing to cut overhead.

Brotli Compression

Learn about Brotli compression (Content-Encoding: br) — how it achieves 15–25% better ratios than gzip for web assets and when to enable it.

HTTP Caching Layers

Understand HTTP caching layers — browser, service worker, CDN edge, and reverse proxy caches and how Cache-Control directives govern each layer.

Cache Hit Ratio

Learn what cache hit ratio means for CDN and proxy performance — how to measure it, interpret it, and improve it for your HTTP API or website.

Push Cache (HTTP/2)

Learn about the HTTP/2 push cache — how server-pushed resources are stored per connection and why push cache is different from browser cache.

Immutable Response

Understand the Cache-Control immutable directive — how it prevents unnecessary revalidation of versioned static assets in the browser cache.

Service Worker Cache

Learn about service worker cache — the programmable browser cache layer that intercepts fetch requests to enable offline-first apps and custom strategies.

103 Early Hints

Learn about HTTP 103 Early Hints — how servers send Link preload headers before the final response is ready to accelerate browser resource loading.

Error Handling (20)

Retry Strategy

Learn retry strategies — exponential backoff, jitter, and retry limits for handling transient failures gracefully in distributed systems.

Circuit Breaker

Understand the circuit breaker pattern — stop requests to failing services after an error threshold to prevent cascading failures.

Graceful Degradation

Learn graceful degradation — design systems to maintain reduced functionality during partial failures rather than going completely offline.

Fallback

Understand fallback patterns — serve cached data or defaults when primary services are unavailable to maintain user experience.

Error Boundary

Learn about error boundaries — catch and contain errors at a system level to prevent unhandled exceptions from crashing entire applications.

Dead Letter Queue

Discover dead letter queues — store unprocessable messages for later analysis to handle persistent failures in asynchronous systems.

Health Check

Learn about health checks — service status endpoints used by load balancers and orchestrators to route traffic away from unhealthy instances.

Timeout Budget

Understand timeout budgets — divide total request time across sub-operations so no single step can exhaust the entire allowed duration.

Backpressure

Learn about backpressure — a flow control signal where consumers tell producers to slow down when processing capacity is exceeded.

Problem Details (RFC 9457)

Discover Problem Details (RFC 9457) — the standardized JSON format for HTTP API errors with type, title, status, and detail fields.

Exponential Backoff

Learn exponential backoff — the retry timing strategy that doubles the wait interval after each failure to reduce pressure on recovering servers.

Jitter

Understand jitter in distributed retry logic — how adding randomness to backoff intervals prevents thundering herd problems when servers recover.

Thundering Herd

Learn about the thundering herd problem — when synchronized client retries simultaneously overwhelm a recovering server and how jitter prevents it.

Bulkhead Pattern

Learn the bulkhead resilience pattern — how partitioning connection and thread pools isolates failures to prevent cascading microservice outages.

Error Code Mapping

Understand error code mapping — translating application exceptions to HTTP 4xx/5xx and gRPC status codes for consistent API error responses.

Idempotent Retry

Learn about idempotent retry — which HTTP methods are safe to retry automatically and how idempotency keys make POST requests safely retryable.

Error Rate

Understand error rate as an API reliability metric — how to calculate it, set SLO thresholds, and differentiate 4xx client from 5xx server errors.

Poison Message

Learn what a poison message is — a malformed queue message that repeatedly fails processing and gets routed to a dead letter queue after max retries.

Fail Open / Fail Closed

Understand fail open vs fail closed — the two failure modes for gates and security checks in distributed systems and when to choose each approach.

Retry-After Header

Learn about the HTTP Retry-After response header — how 429 Too Many Requests and 503 responses tell clients how long to wait before retrying.

Protocol Design (20)

Request-Response Model

The request-response model explained — how HTTP, SMTP, FTP, and other protocols structure client-server communication.

RFC (Request for Comments)

What is an RFC? Learn about Request for Comments documents — the formal standards that define HTTP, SMTP, DNS, and other internet protocols.

IANA (Internet Assigned Numbers Authority)

What is IANA? Learn about the Internet Assigned Numbers Authority and its role in maintaining HTTP status codes, port numbers, and protocol registries.

Protocol Upgrade

How does protocol upgrade work? Learn about HTTP 101 Switching Protocols, WebSocket upgrades, and HTTP/2 negotiation.

Multiplexing

What is multiplexing? Learn how HTTP/2 and gRPC send multiple requests simultaneously over a single connection.

Backward Compatibility

What is backward compatibility? Learn why protocols like HTTP/2 and gRPC maintain compatibility with older versions.

Protocol Buffers (Protobuf)

What are Protocol Buffers? Learn about Google's binary serialization format used by gRPC for compact, fast, schema-driven messaging.

Serialization

What is serialization? Learn about JSON, Protobuf, XML, and other formats for converting data for network transmission.

Protocol Negotiation

Learn protocol negotiation — how clients and servers agree on protocol versions using ALPN for HTTP/2 and TLS version selection.

Message Framing

Understand message framing — how protocols delimit messages in byte streams using length-prefixes, delimiters, or chunk encoding.

Wire Format

Discover wire formats — the exact byte-level data representation transmitted over networks, including encoding and field layout in protocol specs.

Extension Mechanism

Learn extension mechanisms — protocol features for adding new capabilities without breaking existing implementations, like HTTP headers and EDNS(0).

Connection-Oriented

Learn what connection-oriented means in networking — how TCP establishes shared state before data transfer and the trade-offs versus connectionless UDP.

Connectionless

Understand connectionless protocols — how UDP sends independent datagrams without a handshake and why DNS and QUIC rely on the connectionless model.

Half-Duplex

Learn what half-duplex communication means — how HTTP/1.1 alternates between request and response and why it limits bidirectional throughput.

Full-Duplex

Understand full-duplex communication — how WebSocket and gRPC bidirectional streaming allow simultaneous data flow in both directions without turns.

ALPN (Application-Layer Protocol Negotiation)

Learn about ALPN — the TLS extension that negotiates HTTP/2 or gRPC protocol selection during the TLS handshake without additional round trips.

Text vs Binary Protocol

Understand text vs binary protocols — the trade-offs between human-readable HTTP/1.1 and SMTP versus binary HTTP/2 and gRPC Protobuf encoding.

Head-of-Line Blocking

Learn about head-of-line blocking — why a slow or lost packet stalls all following HTTP/1.1 requests, and how HTTP/2 multiplexing and QUIC fix it.

QUIC

Learn about QUIC — the UDP-based transport protocol behind HTTP/3 that eliminates TCP head-of-line blocking with multiplexed encrypted streams.

DNS (20)

DNS Resolution

How does DNS resolution work? Learn about the process of translating domain names to IP addresses and DNS response codes (RCODEs).

DNS Record Types

Understand DNS record types — A, AAAA, CNAME, MX, TXT, NS, and more. Learn what each DNS record type does.

TTL (Time to Live)

What is TTL in DNS? Learn about Time to Live values, DNS caching duration, and how TTL affects DNS propagation speed.

DNSSEC (DNS Security Extensions)

What is DNSSEC? Learn how DNS Security Extensions use cryptographic signatures to authenticate DNS responses and prevent tampering.

DNS over TLS (DoT)

What is DNS over TLS (DoT)? Learn how encrypted DNS on port 853 improves privacy while maintaining network visibility.

Anycast

What is anycast? Learn how one IP address serves from multiple global locations to reduce latency and improve DNS resilience.

Recursive Resolver

Learn about DNS recursive resolvers — servers that perform full resolution by querying root, TLD, and authoritative name servers on your behalf.

Authoritative Name Server

Understand authoritative name servers — the DNS servers that hold actual zone records and provide definitive answers for a domain.

Glue Record

Learn about DNS glue records — A/AAAA records provided by parent zones to break circular dependency when name servers are within their own domain.

EDNS(0)

Discover EDNS(0) — Extension Mechanisms for DNS enabling larger UDP messages, additional flags, and option codes beyond the original DNS spec.

DNS Zone

Learn what a DNS zone is — a delegated portion of the namespace managed by a zone file and authoritative nameserver. Essential for DNS administration.

DNS Propagation

Understand DNS propagation — why DNS changes can take hours to reach all resolvers worldwide and how TTL values control the propagation window.

CNAME Record

Learn how CNAME records create domain aliases in DNS. Understand when to use CNAMEs, their limitations at the zone apex, and how resolvers follow CNAME chains.

MX Record

Understand MX records — DNS records that direct email to the correct mail server. Learn about MX priority values, redundancy, and common email routing errors.

SRV Record

Learn about SRV DNS records — how they encode service location, port, priority, and weight for SIP, gRPC, and other protocols that need DNS-based discovery.

PTR Record

Understand PTR records — reverse DNS mappings from IP to hostname. Learn why PTR records matter for email deliverability and network diagnostics.

DNS Cache Poisoning

Learn what DNS cache poisoning is — an attack injecting forged records into resolvers. Understand how DNSSEC and source port randomization defend against it.

DNS Root Server

Understand DNS root servers — the 13 anycast clusters at the top of the DNS hierarchy that direct resolvers to TLD nameservers for every query.

Split-Horizon DNS

Learn about split-horizon DNS — returning different IP answers based on query source to separate internal and external network traffic for the same hostname.

Wildcard DNS Record

Understand wildcard DNS records — how asterisk (*) records match unspecified subdomains, their limitations, and common use in multi-tenant application routing.

Email & SMTP (20)

SMTP Relay

How does SMTP relay work? Learn about email forwarding between servers and SMTP reply codes like 250, 421, and 550.

SPF, DKIM, and DMARC

Understand SPF, DKIM, and DMARC — the three pillars of email authentication that prevent spoofing, phishing, and delivery failures.

Bounce Rate (Email)

What is email bounce rate? Learn about hard vs soft bounces, SMTP error codes, and how bounce rates affect sender reputation.

Email Deliverability

What is email deliverability? Learn how sender reputation, authentication, and SMTP codes determine whether emails reach the inbox.

MTA (Mail Transfer Agent)

What is an MTA? Learn about Mail Transfer Agents like Postfix and Exim that relay email between servers using SMTP.

SMTP Pipelining

Learn SMTP pipelining — send multiple SMTP commands without waiting for each response to improve bulk email delivery throughput.

Greylisting

Understand greylisting — an anti-spam technique that temporarily rejects unknown senders with 4xx, filtering spambots that won't retry.

Backscatter

Learn about SMTP backscatter — misdirected bounce messages sent to forged addresses, a spam side effect of accepting spoofed email.

Envelope vs Header

Understand envelope vs header addresses in SMTP — the difference between routing addresses (MAIL FROM) and display headers (From) in email.

STARTTLS

Learn STARTTLS — the SMTP extension that upgrades a plaintext connection to TLS encryption, contrasted with implicit TLS from the start.

SMTP Authentication (SMTP AUTH)

Learn what SMTP AUTH is — the authentication extension that prevents open relay abuse by requiring credentials before relaying email. Covers PLAIN, LOGIN, SCRAM.

Open Relay

Understand open relay — an SMTP misconfiguration that lets anyone relay email anonymously. Learn why open relays get blacklisted and how to prevent them.

Email Queue

Learn about email queues — how MTAs store and retry messages on 4xx failures. Understand queue management, exponential backoff, and bounce policies.

MIME Multipart

Understand MIME Multipart — the email format that combines text, HTML, and attachments using boundary delimiters. Covers multipart/alternative and mixed.

ARC (Authenticated Received Chain)

Learn about ARC — the Authenticated Received Chain protocol that preserves SPF/DKIM/DMARC results across email forwarding hops to improve deliverability.

BIMI (Brand Indicators for Message Identification)

Understand BIMI — how brands display verified logos next to authenticated emails in recipients' inboxes. Covers DMARC requirements and VMC certificates.

DSN (Delivery Status Notification)

Learn about DSN — Delivery Status Notifications that report email delivery outcomes back to senders. Understand NOTIFY parameters and the delivery-status format.

Email Header Injection

Understand email header injection — how CRLF injection in form fields lets attackers add BCC headers and send spam. Learn prevention techniques.

SMTP Enhanced Status Codes

Learn SMTP Enhanced Status Codes — the RFC 3463 dotted codes like 5.1.1 that provide specific delivery failure reasons beyond basic SMTP reply codes.

MDN (Message Disposition Notification)

Understand MDN — Message Disposition Notifications that confirm email was read or processed. Learn the RFC 8098 standard behind open read receipts.

Real-Time & Streaming (20)

WebSocket Frame

What is a WebSocket frame? Learn about text, binary, ping/pong, and close frames and WebSocket close status codes.

gRPC Streaming

Learn about gRPC streaming patterns — unary, server streaming, client streaming, and bidirectional streaming with status codes.

SIP Dialog

What is a SIP dialog? Learn about SIP call sessions, INVITE transactions, and response codes like 180 Ringing and 486 Busy Here.

WebRTC (Web Real-Time Communication)

What is WebRTC? Learn how browsers enable peer-to-peer audio, video, and data communication using ICE, DTLS, and SRTP.

Signaling

What is signaling in WebRTC? Learn about SDP offer/answer exchange and how peers coordinate before establishing connections.

ICE Candidate

What is an ICE candidate? Learn about host, server reflexive, and relay candidates used for NAT traversal in WebRTC.

Server-Sent Events (SSE)

Learn Server-Sent Events (SSE) — unidirectional HTTP push over a long-lived connection, simpler than WebSocket for one-way data streaming.

Long Polling

Understand long polling — the technique where the server holds HTTP requests open until data is available, simulating real-time push.

WebSocket Subprotocol

Discover WebSocket subprotocols — application-level protocols negotiated during the handshake to define message formats over a WebSocket connection.

gRPC Metadata

Learn gRPC metadata — key-value pairs in headers/trailers for auth tokens, tracing IDs, and custom data separate from protobuf payloads.

SIP Registrar

Learn about SIP registrars — servers that accept REGISTER requests and maintain location records for routing incoming calls to users.

WebSocket Ping/Pong

Understand WebSocket Ping/Pong — the heartbeat mechanism using control frames to verify connection liveness and detect stale connections.

Event Stream

Learn about the event stream format used by Server-Sent Events — the text/event-stream MIME type, its fields (event, data, id, retry), and reconnection.

WebSocket Close Code

Learn WebSocket close codes — numeric codes in Close frames indicating why a connection ended. Covers 1000 (normal), 1001, 1008, 1011, and app-defined 4xxx.

STUN (Session Traversal Utilities for NAT)

Understand STUN — how clients behind NAT discover their public IP and port for WebRTC and SIP peer-to-peer connections. Covers server-reflexive candidates.

TURN (Traversal Using Relays around NAT)

Learn about TURN — the relay protocol that routes WebRTC media through a server when symmetric NAT blocks direct peer connections. Covers ICE fallback and cost.

SDP (Session Description Protocol)

Understand SDP — the Session Description Protocol used in WebRTC and SIP to negotiate codecs, ports, and encryption parameters during call setup.

MQTT (Message Queuing Telemetry Transport)

Learn about MQTT — the lightweight IoT publish/subscribe protocol with three QoS levels. Understand brokers, topics, and how it runs over WebSocket and TCP.

STOMP (Simple Text Oriented Messaging Protocol)

Understand STOMP — the simple text messaging protocol used over WebSocket to connect browsers to RabbitMQ and ActiveMQ. Covers commands and frame format.

gRPC-Web

Learn about gRPC-Web — the proxy-based adaptation allowing browser JavaScript to call gRPC services via HTTP/1.1 translation. Covers Envoy proxy and limitations.

Infrastructure (20)

Service Mesh

Learn about service meshes — dedicated infrastructure layers managing microservice communication, load balancing, and encryption transparently.

Sidecar Proxy

Discover sidecar proxies — co-deployed proxies that intercept microservice traffic to implement service mesh features transparently.

Ingress Controller

Learn about Kubernetes Ingress Controllers — reverse proxies managing external access with TLS termination and path-based routing.

Service Discovery

Understand service discovery — automatically locate services in distributed systems via DNS SRV records or registries like Consul and etcd.

Load Balancing Algorithm

Explore load balancing algorithms — round-robin, least-connections, IP-hash, and consistent hashing strategies with their trade-offs.

Blue-Green Deployment

Learn blue-green deployments — switch traffic atomically between two identical environments for zero-downtime releases.

Canary Deployment

Discover canary deployments — gradually roll out new versions to a small traffic percentage to detect issues before full release.

Health Check Endpoint

Learn about health check endpoints — /health or /healthz URLs that report service status to load balancers and container orchestrators.

TLS Termination

Understand TLS termination — decrypt HTTPS at a load balancer and forward plaintext HTTP to backends to reduce their computational overhead.

Connection Draining

Learn connection draining — gracefully stop a server by finishing active requests before terminating instead of abruptly closing connections.

Distributed Tracing

Discover distributed tracing — track requests across microservices using W3C Trace Context and OpenTelemetry to correlate logs and metrics.

Observability

Learn about observability — understand system internal state through logs, metrics, and traces to diagnose distributed system issues.

Correlation ID

Understand correlation IDs — unique request identifiers propagated across microservices to enable end-to-end distributed tracing and log correlation.

Rate Limiter Algorithm

Compare rate limiter algorithms — token bucket, leaky bucket, sliding window, and fixed window. Learn their trade-offs for burst tolerance and fairness.

Container Orchestration

Learn about container orchestration — Kubernetes, ECS, and Docker Swarm managing deployment, scaling, and health of containerized services automatically.

Rolling Update

Understand rolling updates — gradually replacing instances one at a time during deployment. Learn Kubernetes maxUnavailable/maxSurge settings and trade-offs.

Readiness Probe

Understand readiness probes — Kubernetes checks that remove pods from traffic rotation without restarting them. Learn the difference from liveness probes.

SLA / SLO / SLI

Learn the difference between SLA, SLO, and SLI — the three reliability measurement layers from raw metrics to customer contracts and error budgets.

Configuration Management

Understand configuration management — environment variables, Consul, etcd, and feature flags for managing settings across deployment environments safely.

Zero-Downtime Deployment

Learn zero-downtime deployment — combining health checks, connection draining, and staged rollouts to update services without dropping user requests.

Web Standards (20)

HTTP Semantics (RFC 9110)

Learn about RFC 9110 HTTP Semantics — the core specification defining HTTP methods, status codes, headers, and content negotiation.

URI (Uniform Resource Identifier)

Understand URIs — strings that identify resources by location or name, forming the addressing foundation of HTTP and the web.

MIME Type

Learn about MIME types — two-part type/subtype identifiers standardized by IANA that indicate document and file formats in HTTP and email.

CORS Preflight

Understand CORS preflight — the automatic OPTIONS request browsers send before cross-origin requests to verify server permissions.

Content-Disposition

Learn about Content-Disposition — the HTTP header that controls whether content displays inline or downloads as an attachment with a suggested filename.

Transfer-Encoding

Understand Transfer-Encoding — the HTTP header specifying message body encoding for transfer, distinct from Content-Encoding.

Link Header

Learn about the HTTP Link header (RFC 8288) — convey typed resource relationships for pagination, preloading, and API discovery.

Origin

Learn about the Origin concept — scheme, host, and port combination that defines browser security boundaries for Same-Origin Policy and CORS.

Referrer-Policy

Understand Referrer-Policy — the HTTP header that controls how much referrer information is sent with requests to balance analytics and privacy.

Permissions Policy

Learn about Permissions Policy (formerly Feature-Policy) — the HTTP header controlling browser feature access like camera and geolocation.

HSTS Preload

Discover HSTS Preload — hardcode your domain into browser HTTPS-only lists to enforce HTTPS from the very first connection, bypassing redirects.

Structured Headers (RFC 8941)

Learn Structured Headers (RFC 8941) — standardized HTTP header value formats using typed data structures for consistent parsing.

Early Hints (103)

Discover HTTP 103 Early Hints — send Link headers before the final response so browsers can preload resources and reduce page load time.

Certificate Transparency

Learn Certificate Transparency — the web standard requiring TLS certificates in public logs so domain owners can detect misissued certificates.

Subresource Integrity (SRI)

Understand Subresource Integrity (SRI) — verify CDN resources with cryptographic hashes to ensure they haven't been tampered with.

Web Linking (RFC 8288)

Discover Web Linking (RFC 8288) — express typed resource relationships via Link headers or HTML elements for machine-readable discovery.

Proxy Authentication

Learn HTTP proxy authentication — how proxies require client credentials using the 407 status code and Proxy-Authorization header.

Conditional Headers

Learn HTTP conditional headers — If-Match, If-None-Match, and If-Modified-Since for cache validation and optimistic concurrency control.

X-Forwarded-For

Understand X-Forwarded-For — the proxy header identifying the original client IP. Learn how to read it safely and prevent IP spoofing through header trust.

Content-Encoding

Learn about Content-Encoding — the HTTP header specifying gzip, Brotli, or zstd compression applied to response bodies. Understand Accept-Encoding negotiation.

gRPC & RPC (20)

gRPC Channel

Learn what a gRPC Channel is and how it manages connection pooling, load balancing, and name resolution for long-lived gRPC service connections.

gRPC Interceptor

Understand gRPC Interceptors — middleware for logging, authentication, and metrics in gRPC. Learn how unary and streaming interceptors are chained.

gRPC Deadline

What is a gRPC Deadline? Learn how deadlines propagate across service hops, trigger DEADLINE_EXCEEDED errors, and prevent latency amplification.

gRPC Status Code

Reference for all 17 gRPC status codes (0–16) including OK, CANCELLED, INVALID_ARGUMENT, NOT_FOUND, and INTERNAL. Learn what each code means.

gRPC Service Definition

Learn what a gRPC Service Definition is — how .proto files define RPC methods, message types, and streaming modes as the typed service contract.

Unary RPC

Understand Unary RPC in gRPC — the simplest request-response pattern where a single client request returns exactly one server response synchronously.

Server Streaming RPC

Learn Server Streaming RPC in gRPC — how a single client request triggers a continuous stream of server responses, ideal for real-time data feeds.

Client Streaming RPC

Understand Client Streaming RPC in gRPC — where the client streams multiple messages and receives a single aggregated response from the server.

Bidirectional Streaming RPC

Learn Bidirectional Streaming RPC in gRPC — where client and server both send independent message streams over a single connection simultaneously.

Protobuf Message

What is a Protobuf Message? Learn how Protocol Buffer messages define typed fields for binary-efficient gRPC request and response serialization.

gRPC Reflection

Learn about gRPC Reflection — the service extension that lets clients dynamically discover gRPC APIs at runtime, used by grpcurl and Postman.

gRPC Health Checking Protocol

Understand the gRPC Health Checking Protocol — the standard grpc.health.v1 service used by Kubernetes and load balancers to verify gRPC server readiness.

gRPC Load Balancing

Learn gRPC Load Balancing — why per-connection TCP load balancing fails for gRPC and how client-side or L7 proxies distribute RPCs correctly.

gRPC Retry Policy

What is a gRPC Retry Policy? Learn how to configure retryable status codes, max attempts, and backoff parameters for safe automatic retries in gRPC.

gRPC Error Details

Learn gRPC Error Details — how google.rpc.Status attaches structured error information like retry hints and field violations to gRPC responses.

gRPC-Gateway

What is gRPC-Gateway? Learn how it translates RESTful HTTP/JSON API requests into gRPC calls, letting any HTTP client consume gRPC services.

gRPC Keepalive

Learn about gRPC Keepalive — how periodic HTTP/2 PING frames detect dead connections and keep NAT mappings alive for long-lived gRPC channels.

RPC (Remote Procedure Call)

What is RPC (Remote Procedure Call)? Learn how frameworks like gRPC, Thrift, and JSON-RPC let clients invoke remote functions as if they were local.

Protobuf Oneof

What is Protobuf Oneof? Learn how the oneof feature enables polymorphic message types and discriminated union variants in Protocol Buffer schemas.

gRPC Compression

Learn about gRPC Compression — how gzip, snappy, and zstd reduce bandwidth for large gRPC payloads, negotiated per-message via grpc-encoding headers.

SIP & VoIP (20)

SIP INVITE

Learn the SIP INVITE method — how it initiates voice and video calls via SDP offer/answer exchange and establishes the three-way handshake for a dialog.

SIP Proxy Server

What is a SIP Proxy Server? Learn how stateful and stateless proxies route SIP requests, authenticate users, fork calls, and differ from redirect servers.

SIP Redirect Server

What is a SIP Redirect Server? Learn how 3xx responses point clients to alternative contact URIs without the server forwarding the request itself.

SIP Transaction

Understand SIP Transactions — request-response exchanges identified by Via branch parameters, with retransmission timers that compose to form dialogs.

SIP User Agent

What is a SIP User Agent? Learn about UAC and UAS roles, how VoIP phones and softphones initiate and receive SIP sessions, and manage dialog state.

SIP Trunk

What is a SIP Trunk? Learn how virtual SIP connections replace phone lines, carry concurrent calls, and require firewall and NAT configuration.

RTP (Real-time Transport Protocol)

What is RTP (Real-time Transport Protocol)? Learn how timestamps and sequence numbers enable low-latency audio and video packet delivery over UDP.

SRTP (Secure Real-time Transport Protocol)

What is SRTP (Secure Real-time Transport Protocol)? Learn how it encrypts voice and video media with AES, providing confidentiality and replay protection.

SIP ACK

Learn about SIP ACK — the acknowledgment method that completes the INVITE three-way handshake and fully establishes a SIP dialog after a final response.

SIP BYE

What is SIP BYE? Learn how either party terminates an active SIP call, triggers RTP media teardown, and follows the established dialog Route set.

SIP CANCEL

What is SIP CANCEL? Learn how it aborts a pending INVITE transaction before a final response is received, triggering 487 Request Terminated on the server.

SIP OPTIONS

What is SIP OPTIONS? Learn how it queries server capabilities — codecs, methods, extensions — and serves as a SIP trunk keepalive without a session.

SIP SUBSCRIBE/NOTIFY

Learn SIP SUBSCRIBE/NOTIFY — how event subscriptions deliver presence and call state updates, used by BLF and unified communications platforms.

B2BUA (Back-to-Back User Agent)

What is a B2BUA (Back-to-Back User Agent)? Learn how it terminates and re-originates SIP legs, enabling transcoding and media anchoring in PBXs.

SBC (Session Border Controller)

What is an SBC (Session Border Controller)? Learn how it secures VoIP networks, handles NAT traversal, and normalizes SIP at network boundaries.

Codec Negotiation

Learn Codec Negotiation in SIP and WebRTC — how the SDP offer/answer exchange selects audio and video codecs like G.711, Opus, H.264, and VP8.

SIP Response Classes

Reference for SIP response classes (1xx–6xx) — learn what 180 Ringing, 183 Session Progress, 486 Busy Here, and 603 Decline status codes mean.

VoIP (Voice over IP)

What is VoIP (Voice over IP)? Learn how SIP, RTP, and SRTP carry voice and video over IP, and the challenges of jitter, packet loss, and NAT.

Presence (SIP)

What is SIP Presence? Learn how SUBSCRIBE/NOTIFY and PIDF XML bodies deliver online, busy, and away availability for unified communications.

PBX (Private Branch Exchange)

What is a PBX (Private Branch Exchange)? Learn how IP-PBX systems like Asterisk use SIP trunks to route calls and provide enterprise telephony.

FTP & File Transfer (20)

FTP Active Mode

Learn how FTP active mode works — the PORT command flow, why client-side firewalls block it, and when to use passive mode instead.

FTP Passive Mode

Understand FTP passive mode — how the PASV command solves NAT and firewall issues, and why it is the modern default for FTP file transfers.

FTP Control Channel

Learn about the FTP control channel — the persistent port 21 connection that carries all commands and reply codes throughout an FTP session.

FTP Data Channel

Understand the FTP data channel — the separate TCP connection opened for each file transfer, and how active vs passive mode affects how it is established.

SFTP (SSH File Transfer Protocol)

Learn what SFTP is, how it fundamentally differs from FTP and FTPS, and why it is the recommended choice for secure file transfers over SSH.

FTPS (FTP Secure)

Understand FTPS (FTP Secure) — implicit vs explicit modes, how AUTH TLS encrypts the FTP control and data channels, and how FTPS compares to SFTP.

FTP Reply Code

Learn how FTP reply codes work — the 1xx through 5xx status classes, what each digit signals, and how to interpret common FTP server responses.

FTP Anonymous Access

Learn about FTP anonymous access — how it works, the 'anonymous' username convention, and its use for public file distribution without real credentials.

FTP Transfer Mode (ASCII vs Binary)

Understand FTP's ASCII vs binary transfer modes — when each is appropriate, how line-ending conversion works, and why binary mode is essential for executables.

FTP Resume (REST Command)

Learn how the FTP REST command enables resumable file transfers — setting a byte offset to continue interrupted downloads or uploads without starting over.

SCP (Secure Copy Protocol)

Understand SCP (Secure Copy Protocol) — how it uses SSH for encrypted file transfers, its simple syntax, and how it compares to the more capable SFTP.

FTP Chroot Jail

Learn what an FTP chroot jail is — how it locks users inside their home directory, why it matters for server security, and how to configure it.

WebDAV (Web Distributed Authoring and Versioning)

Learn what WebDAV is — the HTTP extension for remote file management, its custom methods like PROPFIND and LOCK, and common use cases in cloud storage.

rsync

Understand rsync — the incremental file transfer utility that sends only changed blocks, how it works over SSH, and why it outperforms SCP for large syncs.

FTP MLSD (Machine-Readable Listing)

Learn about FTP MLSD — the RFC 3659 machine-readable directory listing command that replaces the ambiguous LIST output with structured, parseable facts.

FTP NAT Traversal

Understand FTP NAT traversal — why FTP struggles through NAT, the role of ALG, passive mode, and EPSV commands for reliable connections behind firewalls.

Transfer Integrity

Learn about transfer integrity — MD5/SHA-256 checksums, the FTP HASH command, and HTTP ETags that verify files arrive unchanged after transfer.

FTP over TLS (RFC 4217)

Understand FTP over TLS (RFC 4217) — the AUTH TLS upgrade handshake, the PROT command for data channel encryption, and how it defines explicit FTPS.

File Locking

Learn about file locking — advisory vs mandatory locks, WebDAV LOCK/UNLOCK, and how concurrent access is controlled in FTP, NFS, and collaborative systems.

Bandwidth Throttling

Understand bandwidth throttling — how FTP and HTTP servers limit transfer rates to prevent saturation, ensure fairness, and manage upstream link capacity.

Authentication & OAuth (20)

OAuth Authorization Code Flow

Learn the OAuth 2.0 authorization code flow — the redirect, code exchange, back-channel request, and why it is the most secure grant type for web apps.

OAuth Client Credentials Flow

Understand the OAuth client credentials flow — machine-to-machine authentication without user involvement, when to use it, and how it compares to API keys.

OAuth Implicit Flow (Legacy)

Learn why the OAuth implicit flow is deprecated — its token exposure risks, why it was created, and the Authorization Code + PKCE flow that replaces it.

PKCE (Proof Key for Code Exchange)

Understand PKCE (Proof Key for Code Exchange) — how the code verifier and challenge prevent authorization code interception, and why it's required for SPAs.

OIDC (OpenID Connect)

Learn what OpenID Connect (OIDC) is — how it layers user authentication on OAuth 2.0, what ID tokens contain, and how OIDC enables federated SSO.

Refresh Token

Understand OAuth refresh tokens — how they silently obtain new access tokens, why rotation matters for security, and how to store them safely.

Access Token

Learn what an OAuth access token is — opaque vs JWT formats, how Bearer authentication works, and why short lifetimes limit the impact of token theft.

Token Introspection (RFC 7662)

Learn about OAuth token introspection (RFC 7662) — how resource servers query the authorization server to validate opaque tokens and retrieve their metadata.

Token Revocation (RFC 7009)

Understand OAuth token revocation (RFC 7009) — how clients invalidate tokens for logout and security response, and why JWT revocation requires blocklists.

OAuth Scopes

Learn how OAuth scopes work — declaring required permissions, user consent, and how granted scopes limit what an access token is authorized to do.

JWT Claims

Learn about JWT claims — registered claims (iss, sub, exp, iat), public claims, and private claims, and how they convey identity and authorization data.

JWK (JSON Web Key)

Understand JWK and JWKS — the JSON Web Key format for publishing public keys that resource servers use to verify JWT signatures without shared secrets.

SAML (Security Assertion Markup Language)

Learn what SAML is — XML assertions, Identity Provider and Service Provider roles, and why it remains the dominant SSO standard in enterprise environments.

SSO (Single Sign-On)

Understand Single Sign-On (SSO) — how one login grants access to multiple apps, the role of SAML and OIDC, and how central logout propagates across services.

MFA (Multi-Factor Authentication)

Learn how Multi-Factor Authentication works — the three factor categories, TOTP vs SMS vs hardware keys, and why MFA limits the damage of stolen passwords.

TOTP (Time-Based One-Time Password)

Understand TOTP (Time-Based One-Time Password) — how RFC 6238 generates time-bound codes, how authenticator apps work, and its advantages over SMS OTP.

HTTP Basic Authentication

Learn how HTTP Basic Authentication works — base64 encoding of credentials, why HTTPS is required, and when it is appropriate compared to token-based auth.

HTTP Digest Authentication

Understand HTTP Digest Authentication — the nonce-based MD5 challenge-response mechanism, how it improves on Basic Auth, and why token-based auth superseded it.

Session Token

Learn what a session token is — how server-side session lookup works, the role of cookies, and how session tokens compare to stateless JWT access tokens.

Passkey (WebAuthn)

Learn what passkeys (WebAuthn/FIDO2) are — public-key passwordless authentication, how device-bound signing works, and why passkeys resist phishing attacks.

TLS & Encryption (20)

TLS Versions

Understand TLS versions — SSL 3.0, TLS 1.0/1.1 (deprecated), TLS 1.2, and TLS 1.3. Learn which to enable and why older versions are insecure.

TLS 1.3

Learn about TLS 1.3 — the fastest, most secure TLS version featuring a 1-RTT handshake, mandatory forward secrecy, and removal of all weak legacy ciphers.

Certificate Authority (CA)

What is a Certificate Authority (CA)? Learn how CAs issue and validate TLS certificates, and the difference between DV, OV, and EV certificates.

Certificate Chain

Understand TLS certificate chains — how leaf, intermediate, and root CA certificates link together to establish browser trust during TLS handshakes.

Certificate Pinning

Learn about certificate pinning — a technique to prevent MITM attacks by hardcoding expected certificate fingerprints in clients and mobile apps.

Certificate Transparency (CT)

What is Certificate Transparency (CT)? Learn how public CT logs and Signed Certificate Timestamps help detect misissued TLS certificates and protect HTTPS.

Forward Secrecy (PFS)

Understand Perfect Forward Secrecy (PFS) in TLS — how ephemeral ECDHE key exchange ensures past sessions remain secure even if a private key is stolen.

SNI (Server Name Indication)

What is SNI (Server Name Indication)? Learn how TLS clients send the target hostname in ClientHello to enable multiple HTTPS sites on one IP address.

OCSP (Online Certificate Status Protocol)

Learn about OCSP — the Online Certificate Status Protocol for checking TLS certificate revocation status in real time during the TLS handshake.

OCSP Stapling

Understand OCSP Stapling — how servers embed signed certificate revocation status in the TLS handshake to improve privacy and reduce latency.

Let's Encrypt

Learn about Let's Encrypt — the free automated CA that issues 90-day TLS certificates via ACME, powering HTTPS on hundreds of millions of websites.

ACME Protocol (RFC 8555)

What is the ACME Protocol (RFC 8555)? Learn how ACME automates TLS certificate issuance and renewal via HTTP-01 and DNS-01 domain validation challenges.

TLS Session Resumption

Learn about TLS session resumption — how session tickets and PSK pre-shared keys let clients skip full handshakes and reduce reconnection latency significantly.

0-RTT (Zero Round Trip Time)

What is 0-RTT in TLS 1.3? Learn how Zero Round Trip Time reduces latency for resumed sessions and why replay attack risks must be managed carefully.

Key Exchange

Understand TLS key exchange — how ECDHE and Diffie-Hellman allow two parties to agree on a shared secret without transmitting it over the network.

PKI (Public Key Infrastructure)

Learn about PKI (Public Key Infrastructure) — the system of CAs, certificates, and policies that underpins TLS trust on the internet and in private networks.

SSL Stripping

What is SSL stripping? Learn how this MITM attack downgrades HTTPS connections to HTTP, and why HSTS headers and HSTS preloading are the primary defences.

CT Log (Certificate Transparency Log)

Learn about CT Logs (Certificate Transparency Logs) — append-only Merkle tree ledgers of all issued TLS certificates used to detect misissuance.

TLS Fingerprinting (JA3/JA4)

Understand TLS fingerprinting (JA3/JA4) — how ClientHello parameters create a client fingerprint used for bot detection and network traffic analysis.

Post-Quantum TLS

Learn about Post-Quantum TLS — how ML-KEM and ML-DSA algorithms protect TLS connections against future quantum computer attacks on current encryption.

Load Balancing & Proxying (20)

Layer 4 Load Balancing

What is Layer 4 load balancing? Learn how L4 LBs route TCP/UDP traffic by IP and port without reading HTTP content, offering high throughput.

Layer 7 Load Balancing

Understand Layer 7 load balancing — how application-layer LBs route HTTP requests by URL, headers, and cookies for content-based traffic distribution.

Sticky Sessions (Session Affinity)

Learn about sticky sessions (session affinity) in load balancing — how LBs use cookies or IP hashing to route clients to the same backend server.

Consistent Hashing

What is consistent hashing? Learn how it minimises key redistribution when backends are added or removed in load balancers and distributed caches.

Weighted Round Robin

Understand weighted round robin load balancing — how assigning server weights distributes traffic proportionally to capacity for efficient resource use.

Least Connections

Learn about the Least Connections load balancing algorithm — routing new requests to the backend with fewest active connections for balanced load.

Forward Proxy

What is a forward proxy? Learn how forward proxies make outbound requests on behalf of clients for anonymity, caching, and corporate content filtering.

Transparent Proxy

Learn about transparent proxies — how they intercept traffic without client configuration using iptables or WCCP for caching and content filtering.

PROXY Protocol

What is PROXY Protocol? Learn how HAProxy's TCP header standard preserves the original client IP through multiple proxy and load balancer layers.

HAProxy

Learn about HAProxy — the open-source TCP/HTTP load balancer with advanced health checks, ACL routing, and PROXY Protocol used by major internet platforms.

Nginx (as Reverse Proxy)

Learn how Nginx functions as a reverse proxy and load balancer — terminating TLS, routing requests with proxy_pass, and caching upstream responses.

Envoy Proxy

What is Envoy Proxy? Learn how this CNCF L7 proxy powers Kubernetes service meshes with HTTP/2, gRPC, circuit breaking, and dynamic xDS API configuration.

SSL Offloading

Understand SSL offloading — decrypting TLS at the load balancer to reduce CPU load on backend servers while enabling HTTP-layer traffic inspection.

GSLB (Global Server Load Balancing)

Learn about GSLB (Global Server Load Balancing) — DNS-based traffic routing across multiple regions for geo-proximity, latency, and failover.

Backend Pool

What is a backend pool in load balancing? Learn how LBs manage groups of origin servers with health checks and dynamic registration via service discovery.

Failover

Understand failover in load balancing — automatic traffic rerouting when a backend fails health checks, and how active-passive HA configurations work.

Request Routing

Learn about request routing in load balancers — how URL paths, headers, and methods determine which backend handles each request, enabling canary releases.

Active-Passive HA

What is Active-Passive HA? Learn how standby servers take over via VRRP and heartbeat failover when the primary node fails in high-availability setups.

Connection Multiplexing (Proxy)

Understand connection multiplexing in proxies — how LBs reuse backend connections across multiple client requests to reduce connection overhead.

xDS (Discovery Service Protocol)

What is xDS? Learn how Envoy's discovery service APIs (LDS, RDS, CDS, EDS) enable dynamic proxy configuration from Istio and other service mesh control planes.