Chapter 7
Application Layer and HTTP
The protocols that carry meaning a human cares about — HTTP and its three wire formats, cookies and sessions, push channels, and modern RPC — and why almost all of them now ride port 443.
Everything below this chapter — frames, packets, segments, names — exists to get bytes from one process to another. This chapter is about what those bytes say. The application layer is where protocols encode meaning a person actually wants: a web page, a login session, a stock-price stream, a remote procedure call. Almost all of them follow the same request/response shape, lean on the transport for reliability, and increasingly run over a single port — 443 — because that is the one the firewall lets through.
HTTP is the spine of the chapter, and you will meet it three times: HTTP/1.1 for the semantics that never changed, HTTP/2 for the binary multiplexed rewrite of the wire, and HTTP/3 over QUIC for the move off TCP entirely. Around it sit the pieces that turn stateless requests into real applications — cookies and sessions, WebSockets and Server-Sent Events for server-initiated data, and gRPC for typed binary RPC between services. By the end you should be able to read a curl -v trace, name every status class, and pick the right transport for "the server needs to tell the client something now."
Topics in This Chapter
keep-alive still blocks head-of-line.
Set-Cookie rebuilds identity, what the Secure/HttpOnly/SameSite flags defend, and server-side store vs self-contained token.