A note on scope: like Layer 5, Layer 6 is a formal OSI concept mostly absorbed into application-level libraries in real TCP/IP stacks — character encoding, serialization, compression, and TLS all do presentation-layer work even though we don't call them that day-to-day.
Converts between the application's native data format and a common wire format both ends agree on.
Reduces payload size before transmission — reversed by the receiver before handing data to the application.
Transforms readable data into ciphertext so only the intended recipient can decode it back into something meaningful.
| Encoding | Size per Character | Notes |
|---|---|---|
| ASCII | 1 byte (7-bit) | 128 characters — English letters, digits, basic symbols only |
| UTF-8 | 1–4 bytes, variable | Backward-compatible with ASCII, dominant encoding on the web |
| UTF-16 | 2 or 4 bytes | Common internally in Windows and Java |
| UTF-32 | 4 bytes fixed | Simple indexing, rarely used due to size |
| Latin-1 (ISO-8859-1) | 1 byte | Legacy Western European encoding, common source of mojibake |
Garbled text ("’" instead of an apostrophe) happens when bytes are decoded with the wrong character set — always declare and match encoding explicitly.
| Format | Type | Notes |
|---|---|---|
| JSON | Text | Human-readable, ubiquitous for web APIs |
| XML | Text | Verbose, schema-validated, common in legacy enterprise systems |
| Protocol Buffers | Binary | Compact, schema-defined, fast to (de)serialize — common in gRPC |
| MessagePack | Binary | JSON-like data model, binary-efficient encoding |
| ASN.1 | Binary | Formal notation used in TLS certificates, SNMP, LDAP |
| YAML | Text | Human-friendly, common for config files |
Original data fully recoverable — required for text, code, and structured data.
Some data discarded permanently for much smaller size — acceptable for media where perfect fidelity isn't required.
Same key encrypts and decrypts — fast, used for the bulk data once a session key is agreed (AES-GCM, ChaCha20).
Public/private key pair — used during the handshake to safely establish that shared symmetric key (RSA, ECDHE).
X.509 certs (ASN.1-encoded) bind a public key to an identity, signed by a trusted Certificate Authority.
| Codec | Media | Notes |
|---|---|---|
| H.264 (AVC) | Video | Widely supported, good compression, hardware-accelerated almost everywhere |
| H.265 (HEVC) | Video | Better compression than H.264, licensing complexity limits adoption |
| VP9 / AV1 | Video | Royalty-free, used heavily by YouTube and streaming platforms |
| AAC | Audio | Better quality-per-bit than MP3, standard for streaming |
| Opus | Audio | Low-latency, excellent for real-time voice (WebRTC) |
Standard 3-way handshake completes on port 443 (Layer 4 work is already done at this point).
Pre-TLSClient and server agree on a cipher suite, exchange key material, and the server presents its certificate for identity verification.
Encryption setupBrowser checks the certificate's signature chain up to a trusted root CA, confirms the domain name matches, and checks it hasn't expired or been revoked.
Trust verificationBoth sides now share a symmetric key for the rest of the session — fast enough to encrypt/decrypt every byte of the page without the overhead of asymmetric crypto.
Key derivationBrowser sends an HTTP request declaring what formats it accepts (Accept-Encoding: gzip, br) and what character sets/content types it can handle.
Content negotiationServer compresses the HTML/JSON payload (per the negotiated encoding), then TLS encrypts the whole thing before it ever hits the wire.
Presentation transformOn arrival: TLS layer decrypts first, then the declared Content-Encoding is reversed (gunzip/brotli), then bytes are decoded using the declared charset (usually UTF-8) into text the renderer can use.
Reverse transformThe now-plain HTML/JSON is handed up to the browser's rendering/application logic — presentation layer's job is done.
Handoff| Symptom | Likely Cause |
|---|---|
| Garbled text (mojibake) | Character encoding mismatch between sender and receiver |
| TLS certificate warning | Expired cert, hostname mismatch, untrusted/self-signed CA |
| Media won't play | Unsupported codec on the client device/browser |
| Response larger than expected | Compression not negotiated or not applied server-side |
| API parsing failure | Content-Type mismatch — client expects JSON, server sent XML/text |
| Check | How |
|---|---|
| Cert chain & expiry | openssl s_client -connect host:443 |
| Response headers | curl -I https://host |
| Actual encoding used | Inspect Content-Encoding / Content-Type response headers |
| Byte-level inspection | hexdump / file --mime-encoding |