URLs
A Uniform Resource Locator (URL) -- informally called a web address -- specifies the location of a resource on the internet.
Understanding how browsers and web-servers treat URLs is key to securing your website. A URL will typically have the following form:
| Protocol | Domain | Path | Query String | URI Fragment |
|---|---|---|---|---|
http:// | hacksplaining.com | /glossary/urls | ?ref=google&top=Y | #details |
- The protocol dictates whether HTTP requests and responses are sent as plain text or encrypted en route.
- The domain dictates the server the request is sent to. It is converted to an IP address following a lookup on the Domain Name System. The domain is the only part of an HTTPS request that is not encrypted.
- The path tells the server which resource is being accessed. It frequently (but not always) corresponds to a path on disk, accessible to the web server.
- The (optional) query string contains non-hierarchical data, usually defined as key-value attribute pairs.
- The (optional) URI fragment is not included in HTTP requests by browser, but can be updated and read in JavaScript.