25 Jun 2025 3 min read cs-101

Web Fundamentals: A Fast, No-BS Refresher

A no-fluff guide to how the web actually works — from DNS and HTTP to caching, cookies, and request lifecycles. If you're building for the web, this 10-minute refresher gives you the mental model you need to debug fast and build smarter.

Photo by NASA / Unsplash

You build a product. You deploy it. Someone types a URL and magic happens.

Except… not really. The web stack looks simple from the outside — but under the hood, it's a cascade of moving parts, handshake protocols, and caching hacks.

If you're building anything online (startup, side-project, SaaS), you need a solid grasp of the fundamentals. Not the nitty-gritty RFCs — just enough to debug confidently and design smart defaults.

Here’s your 10-minute crash course.

🌍 The Web Is Just a Big Request/Response Loop

At its core:

The client (browser, app, script, LLM) makes a request to a server.
The server receives it, processes it, and sends back a response.

This is HTTP — HyperText Transfer Protocol. Stateless. Text-based. Runs on TCP/IP.

Example:

httpCopyEditGET /index.html HTTP/1.1  
Host: example.com  
User-Agent: Mozilla/5.0

Server replies:

httpCopyEditHTTP/1.1 200 OK  
Content-Type: text/html  
Content-Length: 4213

Then the browser renders it, and may fire more requests (CSS, JS, images). This dance happens hundreds of times in milliseconds.

🧠 Anatomy of a URL

Let’s dissect a common web address:

http

://app.example.com:443/dashboard?filter=active#section2

Part	Meaning
`https`	Protocol (secure HTTP)
`app.example.com`	Subdomain + domain
`:443`	Port (default for HTTPS, usually hidden)
`/dashboard`	Path on the server
`?filter=active`	Query string (sent to backend)
`#section2`	Fragment (used only by client, not sent)

Knowing this helps debug routing issues, proxy problems, and server configs.

🚦 The HTTP Request Lifecycle (Frontend → Backend)

Here’s the full chain when someone visits your app:

DNS resolution: Browser asks “who is example.com?”
TCP handshake: Client and server establish a connection.
TLS negotiation (if HTTPS): They agree on encryption keys.
Request sent: Client sends headers + optional body (POST, PUT).
Server processes: Might hit a DB, cache, or trigger code.
Response sent: Server replies with headers + content.
Browser renders: Based on response (HTML, JSON, etc).
More requests: Assets load. JS might fire API calls.

Every step can fail. Know where to look when things break.

🛠 Key HTTP Methods

Not all requests are created equal.

Method	Use Case
GET	Retrieve data
POST	Create something new
PUT	Replace existing resource
PATCH	Partially update
DELETE	Remove a resource
OPTIONS	Preflight CORS checks

💡 Tip: Use GET for idempotent reads. Don’t send sensitive data via query strings.

🪪 Cookies, Headers & Auth

Most backend logic depends on these three:

Headers: Metadata (e.g. Authorization: Bearer <token>)
Cookies: Stored on client, auto-sent with requests
Body: Payload for POST/PUT requests

For auth:

Cookies = easier for web, but prone to CSRF
Bearer tokens = cleaner for APIs, mobile

Also worth noting:

SameSite cookies reduce cross-site attacks
Secure + HttpOnly flags protect from JS leaks

💥 Caching 101

Caching is both a performance win and a debugging nightmare.

Where caching can happen:

Browser cache
CDN cache (e.g. Cloudflare)
Reverse proxy (e.g. NGINX)
App layer (Redis, memcached)
Database query cache

Control it with headers like:

Cache-Control: no-store  
ETag: "v1.23"  
Expires: Wed, 21 Jun 2025 07:28:00 GMT

💡 Pro tip: When a user says "I still see the old version," suspect cache first.

🧱 HTML, CSS, JS — The Frontend Trinity

HTML defines structure (<div>, <h1>, <form>)
CSS defines appearance (colors, layout, spacing)
JavaScript defines behavior (clicks, animations, fetches)

They’re loaded in the browser, parsed in order, and executed in the render tree. Modern stacks (React, Vue, etc) abstract some of this — but it still matters.

If something flashes, jumps, or delays — it's likely render timing or blocking scripts.

🔁 APIs and JSON

Most dynamic apps now use client-side JS to fetch data from REST APIs.

Example API call:

bashCopyEditGET /api/users/42
Accept: application/json

Response:

{
  "id": 42,
  "name": "Alice",
  "role": "admin"
}

Modern stacks (Next.js, Remix, Astro) often blend server + client — but this JSON-over-HTTP model still dominates.

🧰 Bonus Fundamentals Worth Knowing

Concept	Why it matters
DNS records	Debug custom domains, email, etc
SSL/TLS certs	Avoid browser errors, enforce HTTPS
Content-Type	Controls how the browser interprets it
CORS	Fix "blocked by CORS policy" errors
WebSockets	For real-time updates (chat, sync)
CDNs	Speed up static assets globally
DevTools	Your best friend for frontend debugging

✅ TL;DR — Web Mental Model

You don’t need to memorize HTTP specs or quote RFCs. But you do need this map in your head:

Browser → DNS → TCP → TLS → HTTP → Server logic → DB/cache → Response → Render → API calls → State updated

Knowing what happens when, and what layer owns what responsibility, makes you 10x faster at debugging and architecting clean flows.

Rule to remember:
Frontend is presentation. Backend is logic. But everything is just input → output over a wire.