Open any website and you are looking at the work of two very different teams of code, running in two very different places. One part runs right there on your own device, inside your browser, and you can see it with your own eyes. The other part runs far away on a machine you will never lay a finger on, and it stays completely hidden from you. People call these two halves the frontend and the backend.
A lot of beginners learn these words as job titles or as buzzwords on a course outline. That is a shame, because the real distinction is much simpler and much more useful: it is about where the code runs. Once you can picture those two places clearly, almost everything else about how the web works starts to click into place. So let’s look at it from the one vantage point you already have in front of you every day — the browser.
What the browser actually receives
When you type an address and press Enter, your browser sends a short message across the internet asking for a page. A machine somewhere answers, and what it sends back is mostly just text. Three kinds of text, to be precise: HTML (the content and structure of the page), CSS (the styling — colors, fonts, spacing), and JavaScript (the behavior — what happens when you click, type, or scroll).
Your browser reads that text and turns it into the page you see. Here is the key point: all of that text is now on your computer. It was delivered to you, and your browser is free to show it to you. This is the frontend.
Your device (browser) A server (somewhere)
┌───────────────────┐ ┌───────────────────┐
│ "Give me the │ request → │ │
│ home page" │ │ decides what │
│ │ ← response │ to send back │
│ receives HTML, │ │ │
│ CSS, JavaScript │ │ │
└───────────────────┘ └───────────────────┘
FRONTEND BACKEND
(you can see it) (hidden from you)
Want proof that the frontend is genuinely on your machine? Almost every desktop browser lets you right-click a page and choose “View Page Source,” or open the Developer Tools. You will see the raw HTML, the styles, and the scripts — the exact ingredients the browser used to build what you are looking at. Nothing is stopping you from reading every line.
Try it yourself
Right-click on this very page and pick “View Page Source.” Everything you see in that window is the frontend — text that was sent to your browser and is now sitting on your device.
The frontend: code that runs where you can see it
The frontend is everything that happens inside your browser. A button that changes color when you hover over it, a menu that slides open, a form that warns you “this email looks wrong” before you even submit it — that is frontend code doing its job on your device, in real time.
Because it runs on your machine, the frontend has two defining traits that are worth understanding early:
- It is visible. Anyone can open the developer tools and inspect the HTML, read the CSS, and step through the JavaScript. There are no real secrets in frontend code.
- It is in the visitor’s hands. The browser running the code belongs to the visitor, not to the website’s owner. A determined visitor can change the page locally, block a script, or feed it unexpected input.
That second trait has a consequence people often learn the hard way: you can never fully trust anything the frontend tells you, because the visitor controls it. A price shown on a page, a “you are an admin” flag, a check that says a form is valid — all of it can be tampered with on the visitor’s side. Useful for a smooth experience, yes. Trustworthy as the final word, no.
If you want a friendly tour of the three frontend languages and how they fit together, the frontend category on this blog walks through HTML, CSS, and JavaScript one piece at a time.
The backend: code that runs where you cannot see it
Now for the other place. The backend is the code running on the server — the machine that received your request and decided what to send back. You never see this code. It is not delivered to your browser; it stays on the server, does its work, and only the result travels back to you.
Think about logging into an account. You type a username and password, your browser sends them off, and a moment later you are either in or you are not. Everything that happens in that moment — checking the password against stored records, deciding whether you are allowed in, looking up your data — happens on the backend, out of sight. All your browser receives is the verdict.
The backend is typically where the things that must be trustworthy live:
- The real database of users, orders, messages, and so on.
- The rules that decide who is allowed to do what.
- Secret keys and passwords for talking to other services.
- The final say on every important decision.
Why keep all of that on the server? Because the server is a place you control as the website owner, and the visitor does not. Unlike the frontend, backend code is never handed to the visitor, so it cannot be read or rewritten by them. That is exactly why the sensitive work belongs there.
A common beginner trap
Never put a secret — an API key, a password, a private rule — in frontend code. Since the frontend is sent to every visitor’s browser, “hidden” in frontend JavaScript is not hidden at all. Secrets belong on the backend.
Watching the two talk to each other
The frontend and backend are not isolated; they have a conversation. The frontend sends requests (“give me the home page,” “save this comment,” “is this username taken?”) and the backend sends back responses (“here is the page,” “saved,” “yes, taken”). This back-and-forth is the heartbeat of nearly every website.
You can actually watch this conversation happen. Open your browser’s Developer Tools and look for the Network tab, then reload a page. You will see a list of every request the browser made and every response it got back. It is one of the clearest windows into the frontend–backend relationship there is.
Frontend Backend
(browser) (server)
click "Post comment" ──── request ───▶ check you're allowed
save the comment
show "Posted!" ◀─── response ─── send back "ok"
Notice how the work is split. The frontend handles what the user sees and does. The backend handles what must be stored and trusted. The frontend asks; the backend decides. Neither is more important than the other — a website needs both, the way a restaurant needs both a dining room and a kitchen.
A simple side-by-side
Here is the whole idea boiled down into a table you can keep in your head:
| Question | Frontend | Backend |
|---|---|---|
| Where does it run? | In the visitor’s browser, on their device | On a server you control |
| Can the user see the code? | Yes — view source, dev tools | No — it never leaves the server |
| Main languages | HTML, CSS, JavaScript | Many: e.g. JavaScript, Python, PHP, Java, Go, Ruby |
| Mainly responsible for | What you see and click | What is stored and decided |
| Can you trust it as the final word? | No — the visitor controls it | Yes — the owner controls it |
| Who owns the machine? | The visitor | The website owner |
A small but important footnote: that table draws a clean line, and most of the time the line is exactly that clean. But the web has been getting clever. Some modern setups run JavaScript on the server too, and some pages are partly built on the server before being sent to your browser. Don’t let that worry you. The underlying question never changes: for this particular piece of code, where does it actually run, and can the visitor see it? Answer that, and you always know which side of the line you are on.
The kitchen and the dining room
If all the technical words start to blur, fall back on this picture. A restaurant has a dining room — the part guests walk into, with the menus, the lighting, the tables. That is the frontend: it is what people see, touch, and interact with, and it is built to feel pleasant.
A restaurant also has a kitchen — behind a door, off-limits to guests. That is where the ingredients are stored, the recipes are kept, and the actual cooking happens. That is the backend. Guests never see it, and that is by design: you don’t want strangers wandering in and helping themselves to the supplies.
A guest places an order in the dining room (a request), it travels to the kitchen, the kitchen does the real work, and a finished plate comes back out (a response). The guest enjoys the meal without ever needing to know how the kitchen runs. A website works the very same way.
Recap
The split between frontend and backend looks complicated until you reduce it to one question: where does the code run?
- Frontend runs in the visitor’s browser, on their device. It is the HTML, CSS, and JavaScript that build what you see — and because it lives on the visitor’s machine, anyone can inspect it and nothing in it is truly secret.
- Backend runs on a server you control. It is hidden from the visitor, and that is exactly why the trustworthy work — the real data, the rules, the secrets — lives there.
- The two talk constantly: the frontend sends requests, the backend sends back responses. You can watch every bit of that conversation in your browser’s Network tab.
The best part is that you already have the perfect lab for this in front of you. Open the developer tools on any site, poke around the page source, and watch the network requests fly. From here, a natural next step is to get comfortable with the frontend’s three languages themselves — what HTML, CSS, and JavaScript each do — and then peek at how a request finds its way across the internet to a server in the first place. Every one of those topics gets easier now that you know where the code is running.