HTTP was designed from the beginning to support multiple representations of the same resource. A user profile can be represented as JSON for a machine consumer or as HTML for a browser. A dataset can be returned as JSON or as CSV depending on what the client intends to do with it. An image can be served as JPEG or WebP based on what the browser supports. Content negotiation is the mechanism through which clients and servers agree on which representation to use — and understanding it is essential for building APIs that serve diverse consumers cleanly.

CORS is the source of more developer frustration than almost any other browser security mechanism — not because it is poorly designed, but because its error messages are opaque, its rules are non-obvious, and it only manifests in a specific context that server-side developers often do not encounter during development. Understanding what CORS actually is and why it exists transforms it from an arbitrary obstacle into a predictable system with clear rules.

Caching is one of the highest-leverage performance improvements available to an API, and one of the least consistently implemented. A response that is cached at the right layer — in a CDN, a reverse proxy, or the client itself — eliminates a server round trip entirely. At scale, that elimination compounds: fewer database queries, lower infrastructure cost, faster responses for every consumer. The HTTP specification provides a complete, standardized caching system. Most APIs use it only partially, leaving significant headroom unrealized.