1–2. Foundations — Overview
How the web actually works under the hood. Split into Web Fundamentals (Ch 1) and Production Engineering (Ch 2).
Foundations — Web Fundamentals & Production Engineering
How the web actually works under the hood — split into two sidebar chapters.
The sidebar divides this material into Chapter 1 (Web Fundamentals) through payments/email, then Chapter 2 (Production Engineering) for concurrency, production patterns, and debugging. Same directory, two arcs.
Parallel build track: If you're following the Roadmap stages, use this chapter as lookup — see How to use this roadmap.
This material covers the bedrock concepts every web developer must understand. These ideas haven't fundamentally changed in twenty years and won't change in the next twenty. Frameworks come and go; HTTP and the DOM remain.
If you can explain everything in this chapter confidently, you have a stronger foundation than most working developers.
If you've never built a website: This is the longest chapter in the series, but it's the most important one. Every later chapter assumes you've read this.
Mental model to hold throughout: Two computers having a conversation. One asks ("client"), one answers ("server"). Every feature on the web — every video, every login button, every chat message — is built from variations of that conversation, repeated billions of times per day.
Jargon you'll meet (and we'll define): client, server, HTTP, HTTPS, DNS, IP address, TLS, CDN, browser, DOM, rendering, API, REST, JSON, database, SQL, NoSQL, authentication, authorization, cookies, JWT, deployment, CI/CD. Don't try to memorize them — read once, refer back as needed.
One-sentence summary you'll be able to give by the end: "When I type a URL, my browser asks DNS where the server is, opens an encrypted connection to it, sends an HTTP request, and renders the HTML/CSS/JavaScript that comes back — possibly making more requests for data along the way."
If you only remember one thing: The web is built on HTTP requests and responses. Everything else is decoration on top of that.
How this chapter is organized
Each page focuses on one topic with worked examples and beginner callouts. Read them in order the first time; revisit any single page later when you need a refresher.
The big picture (start here)
- The Client–Server Model — Two computers having a conversation.
- HTTP & HTTPS Basics — The language clients and servers speak.
- HTTP Methods & Status Codes — Verbs (GET, POST...) and numeric replies (200, 404, 500).
- HTTP Headers & Cookies — How requests carry metadata and how sites remember you.
Getting bytes to the user
- DNS: The Internet's Phone Book — Turning names like
google.cominto IP addresses. - CDNs and the Edge — Why your site is fast for someone in Tokyo even though your server is in Virginia.
Inside the browser
- The Browser as a Runtime — A surprising amount happens between "page loads" and "page shows."
- The Rendering Pipeline — DOM, CSSOM, layout, paint, composite. Where performance lives.
Rendering strategies
- Rendering Strategies Overview — Who builds the HTML, and when?
- SSG — Static Site Generation — Pre-build everything, serve from a CDN.
- SSR — Server-Side Rendering — Build HTML per request, on the server.
- CSR — Client-Side Rendering — Browser builds the page with JavaScript.
- ISR, Streaming & PPR — Hybrid strategies invented to mix the best of all three.
- SPA vs MPA vs Hybrid — A related but different distinction.
Talking to backends
- REST APIs — The most common style.
- GraphQL & tRPC — Newer styles, when they help.
- Real-Time: gRPC, WebSockets, SSE — When request/response isn't enough.
- WebRTC — Peer-to-peer audio, video, and data channels.
- Message Queues — Async work between services.
Storing data
- Relational (SQL) Databases — The dominant default.
- NoSQL & Specialized Databases — Document, key-value, search, vector.
- Choosing a Database — A pragmatic 2026 decision guide.
- Search — Full-text search beyond SQL
LIKE. - Files & Media — Uploads, object storage, CDNs for assets.
Who can do what
- Authentication: Proving Identity — Passwords, OAuth, magic links, passkeys.
- Authorization: Permissions & Tokens — Sessions, JWTs, RBAC, RLS.
- Web Security — XSS, CSRF, CSP, SQLi, SSRF, supply chain.
- Security Headers & Checklist — HSTS, CSP rollout, SRI, and debugging CORS.
Getting code to users
- The Deployment Pyramid — Source → CI → artifact → registry → deploy → runtime → CDN → user.
- Deployment Stages, Explained — Each stage in detail.
- Containers — Docker images, registries, orchestration basics.
- Edge Computing — Running code close to users.
Programming concepts
- Concurrency — Event loop, threads, async primitives.
- Distributed Systems (intro) — What changes past one machine.
Production patterns
- Rate Limiting — Protecting APIs from abuse.
- Caching — Layers, invalidation, CDN vs in-memory.
- Secrets & Keys — Env vars, vaults, rotation.
- Observability Fundamentals — Logs, metrics, traces.
- Testing — Unit, integration, E2E at a conceptual level.
- Debugging — Systematic troubleshooting in the browser and on the server.
Quality, performance & a11y
- Performance — Core Web Vitals and perceived speed.
- Accessibility — WCAG, ARIA, keyboard, screen readers.
Realtime collaboration
- CRDTs — Conflict-free replicated data types.
Localization & SEO
- Internationalization — i18n, l10n, RTL, locale routing.
- SEO — Technical SEO developers actually own.
Commerce & comms
-
Payments — Stripe, subscriptions, webhooks, PCI scope.
-
Email — SPF/DKIM/DMARC and deliverability.
-
Web Fundamentals Checkpoint — Pass to unlock the Roadmap (build track) or continue to Production Engineering.
-
Production Engineering Checkpoint — Completes the Foundations arc.
When you finish Web Fundamentals, you can continue to Production Engineering (sidebar Chapter 2) or jump to Chapter 3: Roadmap after passing the mid-checkpoint.