A Uniform Resource Locator (URL) – informally called a web address – specifies the location of a resource on the internet.
Understanding how browsers and web-servers treat URLs is key to securing your website. A URL will typically have the following form:
http:// |
hacksplaining.com |
/glossary/urls |
?ref=google&top=Y |
#details |
| Protocol | Domain | Path | Query String | URI Fragment |
-
The protocol dictates whether HTTP requests and responses are sent as plain text or encrypted en route.
-
The domain dictates the server the request is sent to. It is converted to an IP address following a lookup on the Domain Name System. The domain is the only part of an HTTPS request that is not encrypted.
-
The path tells the server which resource is being accessed. It frequently (but not always) corresponds to a path on disk, accessible to the web server.
-
The (optional) query string contains non-hierarchical data, usually defined as key-value attribute pairs.
-
The (optional) URI fragment is not included in HTTP requests by browser, but can be updated and read in JavaScript.