Browser & Network
Browser & Network Overview
Browser rendering principles, HTTP protocols, web security, and client-side storage
Browser & Network
Understanding how browsers work and how network communication happens is essential for building performant and secure web applications.
Core Topics
Browser Principles
Rendering pipeline, event loop, and browser APIs
HTTP Protocol
HTTP/1.1, HTTP/2, HTTP/3, and caching
Web Security
XSS, CSRF, CSP, and secure coding practices
Client Storage
localStorage, IndexedDB, cookies, and caching
Browser Architecture
Browser Architecture
├── User Interface
│ └── Address bar, buttons, bookmarks
├── Browser Engine
│ └── Coordinates rendering and browser processes
├── Rendering Engine (Blink/WebKit/Gecko)
│ ├── HTML Parser → DOM Tree
│ ├── CSS Parser → CSSOM
│ ├── Layout → Render Tree
│ └── Paint → Composite
├── JavaScript Engine (V8/SpiderMonkey/JSC)
│ ├── Parser → AST
│ ├── Interpreter → Bytecode
│ └── JIT Compiler → Machine Code
├── Networking
│ └── HTTP, WebSocket, DNS
├── Data Storage
│ └── Cookies, localStorage, IndexedDB
└── GPU Process
└── Compositing, WebGLRequest Lifecycle
Browser Request Lifecycle
1. URL Input
└── Parse URL, check cache
2. DNS Lookup
└── Browser cache → OS cache → DNS resolver
3. TCP Connection
└── 3-way handshake (+ TLS for HTTPS)
4. HTTP Request
└── Send request with headers
5. Server Processing
└── Process request, generate response
6. HTTP Response
└── Receive response, handle caching
7. Rendering
└── Parse HTML → Build DOM → Layout → Paint
8. JavaScript Execution
└── Parse → Compile → ExecuteKey Concepts
Same-Origin Policy
| Component | Same Origin | Different Origin |
|---|---|---|
| Protocol | https:// = https:// | http:// ≠ https:// |
| Host | example.com = example.com | a.com ≠ b.com |
| Port | :443 = :443 | :80 ≠ :443 |
CORS (Cross-Origin Resource Sharing)
CORS Flow
1. Browser sends request with Origin header
2. Server responds with Access-Control-Allow-Origin
3. Browser allows or blocks based on response
Preflight (for non-simple requests):
1. Browser sends OPTIONS request
2. Server responds with allowed methods/headers
3. Browser sends actual requestPerformance Metrics
| Metric | Description | Target |
|---|---|---|
| TTFB | Time to First Byte | < 200ms |
| FCP | First Contentful Paint | < 1.5s |
| LCP | Largest Contentful Paint | < 2.5s |
| INP | Interaction to Next Paint | < 200ms |
| CLS | Cumulative Layout Shift | < 0.1 |
| TBT | Total Blocking Time | < 300ms |
Debugging Tools
- DevTools Network Panel: Request/response analysis
- DevTools Performance Panel: Runtime profiling
- DevTools Application Panel: Storage inspection
- Lighthouse: Performance auditing
- WebPageTest: Real-world testing