Tagged: http

Conditional request and 304 Not Modified response flow with an ETag validator

Caching and incremental recrawl: ETags, Last-Modified, and change detection

How crawlers avoid re-fetching unchanged pages: conditional requests with ETag and Last-Modified, 304 handling, content hashing for change detection, and recrawl scheduling driven by per-page change rate.

crawling http caching

Wed, March 18, 2026 · 22 min read

ALPN and NPN in fingerprinting: how protocol negotiation leaks the client

Traces how the ALPN protocol list in a TLS ClientHello, and its predecessor NPN, fingerprints a client, and why the offered protocols and their order must agree with the HTTP layer that follows or the whole session looks forged.

tls fingerprinting http

Tue, March 3, 2026 · 19 min read

A stack of HTTP request headers in monospace, one labelled User-Agent rendered in mixed case and highlighted in orange, the rest in grey

Header order and casing as a fingerprint: the forgotten HTTP/1.1 tell

Traces how HTTP/1.1 header order and field-name casing fingerprint a client, why every browser and library emits a fixed sequence, and how HTTP/2's mandatory lowercasing erased half the signal while keeping the rest.

http fingerprinting anti-bot

Fri, February 20, 2026 · 22 min read

Three stacked monospace header names Accept, Accept-Language, Accept-Encoding with a single orange underline bar under the word Accept

The Accept, Accept-Language, and Accept-Encoding triad as a browser signature

Traces how the three Accept request headers, their exact default values, q-value syntax, and ordering form a per-browser signature, and how a missing or mismatched triad marks a request as a non-browser client.

http fingerprinting anti-bot

Thu, February 19, 2026 · 20 min read

How HTTP caching headers really work: Cache-Control, Vary, and revalidation

A primary-source reference for HTTP caching: how Cache-Control directives, Expires, ETag and Last-Modified revalidation, Vary, and the stale-* extensions actually behave in private and shared caches under RFC 9111.

http caching web-standards

Mon, December 29, 2025 · 25 min read

The X-Forwarded-For chain: trust, spoofing, and how edges resolve real IPs

Traces how proxies append to the X-Forwarded-For and Forwarded chains, why the client-facing end is trivially spoofable, how trusted-proxy and rightmost-IP resolution actually works, and the security bugs that follow from getting it wrong.

proxies web-security http

Wed, December 24, 2025 · 22 min read

Slowloris and the slow-attack family: starving a server with patience

Traces the low-bandwidth slow attacks: Slowloris, slow POST (RUDY), and slow read, how each pins a worker thread on thread-per-connection servers, why event-driven servers shrug them off, and what actually times them out.

ddos web-security http

Thu, December 18, 2025 · 23 min read

Request smuggling: how HTTP/1.1 desync attacks exploit parser disagreement

Traces how HTTP/1.1's two ways of measuring a request body let a front-end and back-end disagree on where one request ends, how CL.TE and TE.CL desync turns that into socket poisoning, and what actually fixes it.

web-security http request-smuggling

Sun, November 23, 2025 · 21 min read

The history of HTTP: from 0.9 to HTTP/3, told through its RFCs

Traces HTTP from Berners-Lee's one-line 1991 protocol through RFC 1945, the RFC 2068/2616/7230 era of HTTP/1.1, Google's SPDY, HTTP/2 (RFC 7540/9113), and HTTP/3 over QUIC (RFC 9114).

history http web-standards

Tue, October 28, 2025 · 22 min read

The token Mozilla/5.0 rendered in large monospace with a single orange underline bar

The history of the user-agent string and why it's a frozen lie

Traces the user-agent string from RFC 1945 through the Mozilla token, the Mosaic-Netscape-IE spoofing spiral, and Chrome's 2020-2023 freeze and reduction into User-Agent Client Hints.

history http fingerprinting

Sun, October 26, 2025 · 19 min read