INTERNET SPEC REFERENCE

The specs that actually
run the internet

A curated, practical reference for the core internet and web specifications that power SaaS, APIs, authentication, email, and browser applications. Canonical links, real explanations, no fluff.

Browse all specs View stack map

Specs indexed

129

Must-know

Standards bodies

Topic domains

Back Office

Running the company

DNS, email, TLS certificates, and identity — the standards stack for operating a domain, sending authenticated email, and managing employee access.

RFC 5321RFCMust Know

SMTP

Every email your company sends or receives goes through SMTP. You need this to configure mail servers, debug delivery failures, and understand SPF/DKIM/DMARC.

Back OfficeEmail

Details

RFC 5322RFCMust Know

IMF

The structure of every email header you've ever seen is defined here. Essential for email deliverability debugging and understanding DKIM header signing.

Back OfficeEmail

Details

RFC 9051RFCMust Know

IMAP

Your email client (Outlook, Gmail app, Thunderbird, Apple Mail) uses IMAP or JMAP to read mail. Essential for mail server configuration and client integration.

Back OfficeEmail

Details

All back-office specs

Product

Building software

HTTP, OAuth, browser platform, and real-time — the specs you work with every day when building and shipping web apps, mobile backends, and APIs.

WHATWG URLWHATWGMust Know

URL Standard

Browsers parse URLs per this standard, not raw RFC 3986. Critical for client-side routing, form encoding, and cross-origin behavior.

ProductNaming & Addressing

Details

RFC 6797RFCMust Know

HSTS

A one-line HTTP header that eliminates a class of downgrade attacks. Every public web app should set HSTS.

ProductTransport Security

Details

RFC 9110RFCMust Know

HTTP Semantics

This is the core contract of every web API, browser request, and server response. You can't design or debug HTTP without knowing this.

ProductHTTP

Details

All product specs

Browse by Topic

Grouped by what you're building — from internet operations and email to blockchain and API design.

Protocol Stack Map

How the layers fit together — from naming and transport up to the application platform.

Naming & AddressingHow machines find each other: DNS, URIs, IP addressing, domain registration

DNS Concepts DNS Implementation URI URL Standard

TransportHow packets move reliably between endpoints: IP, TCP, UDP, QUIC

Transport SecurityEncryption and authentication at the transport layer: TLS, HSTS

TLS 1.3 HSTS

Certificate TrustPublic key infrastructure, certificate issuance policy, Web PKI

CA/B BR

HTTPRequest/response application protocol: semantics, caching, HTTP/1.1, HTTP/3

HTTP Semantics HTTP Caching HTTP/1.1+1

State & SessionsBrowser identity, sessions, and cross-origin trust: cookies, origin model, CORS, CSP

Cookies CORS CSP

Data FormatsHow data is serialized and exchanged: JSON, multipart, media types

JSON multipart/form-data Media Types

Authentication & AuthorizationWho can do what: OAuth 2.0, OpenID Connect, JWT, WebAuthn

OAuth 2.0 Bearer Tokens PKCE OAuth Security BCP+4

Identity & ProvisioningUser identity federation, directory, and provisioning: SCIM, SAML, LDAP

Browser PlatformThe application runtime: HTML, DOM, CSS, JavaScript, Storage, Workers, Web Components, Crypto, Streams, and platform APIs

HTML DOM Fetch CSS+18

Input & InteractionUser input event models: Pointer, Touch, Keyboard, Gamepad, Drag & Drop, and interaction primitives

UI Events Pointer Events+3

Device Access & SensorsHardware and sensor APIs: Geolocation, Camera/Mic, Bluetooth, USB, Serial, Orientation, Permissions

Permissions Geolocation getUserMedia+14

Graphics & XRGPU rendering and immersive experiences: WebGL, WebGPU, WebXR

WebGL

Real-timeBidirectional and streaming communication: WebSocket, WebTransport, SSE

WebSocket

WebRTCPeer-to-peer audio/video/data in browsers: WebRTC, ICE, STUN, TURN, DTLS-SRTP

Media DeliveryAudio, video, and asset delivery: MSE, EME, HTTP range requests

API DesignStandards for describing and building APIs: OpenAPI, GraphQL, gRPC, AsyncAPI

OpenAPI 3.1+1

EmailElectronic mail transport, format, and anti-abuse: SMTP, IMAP, SPF, DKIM, DMARC

SMTP IMF IMAP SPF+2

VPN & TunnelingEncrypted tunnels and virtual private networks: IPsec, IKEv2, WireGuard, GRE, L2TP

IPsec Architecture ESP IKEv2 WireGuard+6

Blockchain & Web3Decentralized protocols and standards: EIPs/ERCs, BIPs, DIDs, Verifiable Credentials

JSON-RPC 2.0 EIP-1 ERC-20 ERC-721+10

Full stack map with details

Must-Know Specs

The minimum set every engineer running an online business should understand.

RFC 1034RFCMust Know

DNS Concepts

DNS is the phone book of the internet. Every domain, email MX record, SPF/DKIM TXT record, and service discovery entry depends on it.

Back OfficeProductNaming & Addressing

Details

RFC 1035RFCMust Know

DNS Implementation

The record types (A, MX, TXT, CNAME) you configure in every DNS panel live in this spec. Know what you're setting.

Back OfficeProductNaming & Addressing

Details

RFC 3986RFCMust Know

URI

Every URL in your app, API, auth redirect, webhook, or deep link is built on this grammar. Essential for routing, redirects, and OAuth callback validation.

Back OfficeProductNaming & Addressing

Details

WHATWG URLWHATWGMust Know

URL Standard

Browsers parse URLs per this standard, not raw RFC 3986. Critical for client-side routing, form encoding, and cross-origin behavior.

ProductNaming & Addressing

Details

RFC 8446RFCMust Know

TLS 1.3

Every HTTPS connection, SMTP/IMAP over TLS, OAuth token exchange, and API call uses TLS. It is the foundational security layer.

Back OfficeProductTransport Security

Details

RFC 6797RFCMust Know

HSTS

A one-line HTTP header that eliminates a class of downgrade attacks. Every public web app should set HSTS.

ProductTransport Security

Details

All must-know specs

The specs that actuallyrun the internet

Back Office

SMTP

IMF

IMAP

Product

URL Standard

HSTS

HTTP Semantics

Browse by Topic

Protocol Stack Map

Must-Know Specs

DNS Concepts

DNS Implementation

URI

URL Standard

TLS 1.3

HSTS

The specs that actually
run the internet