πŸ‡¬πŸ‡§ πŸ‡¨πŸ‡Ώ
Chapter 2

Four Faces of Suspicion

═══════════════════════════════════════════════════════════════════ CHAPTER 2: FOUR FACES OF SUSPICION ═══════════════════════════════════════════════════════════════════ You now have access to the palace. Four suspects await interrogation, each with secrets to hide and alibis to verify. But be warned - each noble speaks in their own... protocol. The suspects: - Lady Cordelia Cache, Keeper of Treasury - Sir Reginald Redirect, Message Courier - Duchess Athena Authenticate, Security Chief - Baron Felix Form-Data, Royal Scribe Choose wisely. Ask the right questions. The truth hides in the headers. ═══════════════════════════════════════════════════════════════════
Skills You'll Learn: Headers, Query params, Redirects, Content negotiation, HEAD requests

Paste your token to sync progress:

2-1 Lady Cordelia Cache
Not Done
Briefing
Lady Cache controls the treasury. She's nervous, defensive. Ask about the budget discrepancies.
Command
curl "https://httpqueen.net/suspects/cache?question=budget" \ -H "Authorization: Bearer YOUR-TOKEN"
What You'll Learn
Query parameters (?key=value) customize GET requests. Caching (304 Not Modified) means 'you already have the latest version.'
Old Margot whispers: "Try the same question twice. Notice how she responds the second time? Add query parameters for specific questions."
2-2 Sir Reginald Redirect
Not Done
Briefing
Sir Redirect handles all castle messages. He's evasive, always somewhere else. Track him down.
Command
curl -L https://httpqueen.net/suspects/redirect \ -H "Authorization: Bearer YOUR-TOKEN"
What You'll Learn
302 means 'temporarily moved.' Without -L (follow redirects), you only see 'go look over there.' With -L, curl follows automatically.
Old Margot whispers: "He keeps redirecting you! Use -L to follow where he really goes."
2-3 Duchess Athena Authenticate
Not Done
Briefing
The Security Chief herself. She controls all palace access. She's unnervingly calm and asks pointed questions about YOUR investigation.
Command
curl https://httpqueen.net/suspects/authenticate \ -H "Authorization: Bearer YOUR-TOKEN" \ -H "X-Security-Clearance: royal-investigator"
What You'll Learn
Custom headers (X-Something) extend HTTP for application-specific needs. The 'X-' prefix traditionally means 'extension.'
Old Margot whispers: "She requires security clearance to even speak with. Add the X-Security-Clearance header."
2-4 Baron Felix Form-Data
Not Done
Briefing
The Royal Scribe maintains all records. He only responds to properly formatted requests - he's particular about protocol.
Command
curl https://httpqueen.net/suspects/form-data \ -H "Authorization: Bearer YOUR-TOKEN" \ -H "Accept: application/json"
What You'll Learn
Accept header tells the server what format you want back. Content negotiation lets clients and servers agree on data formats.
Old Margot whispers: "The Baron only speaks JSON. Set your Accept header to request the right format."
2-5 Cross-Reference
Not Done
Briefing
Time to compare alibis. Query all suspects together to find contradictions.
Command
curl -L "https://httpqueen.net/suspects/cross-reference?suspects=all" \ -H "Authorization: Bearer YOUR-TOKEN" \ -H "Accept: application/json" \ -H "X-Security-Clearance: royal-investigator"
What You'll Learn
Real HTTP requests often need multiple headers working together. Each header serves a purpose.
Old Margot whispers: "Combine multiple headers. Send Accept, Security-Clearance, and follow redirects all at once."
2-6 Quick Reconnaissance
Not Done
Briefing
Before diving deeper, peek at what information the palace archive holds. Check the headers without downloading everything - time is precious.
Command
curl -I "https://httpqueen.net/archives/metadata?category=security&date=recent" \ -H "Authorization: Bearer YOUR-TOKEN"
What You'll Learn
HEAD requests (-I flag) fetch headers only - useful for checking if resources exist, their size, type, or modification time without downloading content. Query params (?key=value&key2=value2) filter server-side.
Old Margot whispers: "Use -I to make a HEAD request. It fetches only headers, not the body. Add query params to filter what you're checking."