Internet & ToolsA URL is the address of a resource on the web. Like a postal address tells the mail system where to deliver a letter, a URL tells your browser where to find a webpage, image, or APIWhat is api?A set of rules that lets one program talk to another, usually over the internet, by sending requests and getting responses. endpointWhat is endpoint?A specific URL path on a server that handles a particular type of request, like GET /api/users.. Understanding how URLs work will help you debug problems, build better APIs, and navigate the web more effectively.
Breaking down a URL
Let's dissect a complete URL piece by piece:
https://www.example.com:443/products/shoes?color=red&size=42#reviews| Part | Value | Purpose |
|---|---|---|
| Protocol | https:// | How to communicate |
| Domain | www.example.com | Which server to contact |
| Port | :443 | Which door to knock on |
| Path | /products/shoes | Which resource to request |
| Query | ?color=red&size=42 | Extra parameters |
| Fragment | #reviews | Where to scroll on the page |
ProtocolWhat is protocol?An agreed-upon set of rules for how two systems communicate, defining the format of messages and the expected sequence of exchanges.: the rules of communication
The protocol tells the browser how to talk to the server:
- HTTPWhat is http?The protocol browsers and servers use to exchange web pages, API data, and other resources, defining how requests and responses are formatted. = HyperText Transfer Protocol (unencrypted, avoid for sensitive data)
- HTTPSWhat is https?HTTP with encryption added, so data traveling between your browser and a server can't be read or tampered with by anyone in between. = HTTP Secure (encrypted with SSL/TLSWhat is ssl/tls?Encryption protocols that secure the connection between a browser and a server, preventing eavesdropping on data in transit.)
Always use HTTPS. It protects passwords, personal data, and prevents attackers from intercepting your communication. When you see the lock icon in your browser, you're using HTTPS.
Other protocols you might see
| Protocol | Use case | Example |
|---|---|---|
file:// | Local files | file:///Users/me/doc.html |
ftp:// | File transfers | ftp://files.example.com |
ws:// | WebSockets (real-time) | ws://chat.example.com |
mailto: | Email links | mailto:help@site.com |
Domain: finding the right computer
The domain identifies which server to contact. It's hierarchical, reading from right to left:
www.example.com
└──┬──┘ └──┬──┘ └─┬─┘
│ │ └── Top-level domain (TLD)
│ └───────── Domain name
└──────────────── Subdomain.com= top-level domain (TLDWhat is tld?Top-Level Domain - the last segment of a domain name (.com, .org, .fr), indicating the domain's type or country.), indicates the type of siteexample= domain name, the registered namewww= subdomainWhat is subdomain?A prefix to a domain (api.example.com, blog.example.com) that routes to a distinct service or section of a site., often used for the main website
DNSWhat is dns?The system that translates human-readable domain names like google.com into the numerical IP addresses computers use to find each other. (Domain Name System) translates this human-readable name into an IP addressWhat is ip address?A numerical label (e.g., 172.217.14.206) that identifies a device on a network - DNS translates domain names into IP addresses. that computers understand. You type google.com, DNS tells your browser 172.217.14.206.
Subdomains in practice
Subdomains let organizations organize different services:
| Subdomain | Typical use |
|---|---|
www | Main website (historical convention) |
api | Application programming interface |
blog | Company blog |
shop | E-commerce section |
app | Web application |
cdn | Content delivery network (images, videos) |
Port: which door to knock on
Ports are like doors on a building. Each service listens on a specific port. They're usually hidden because browsers use sensible defaults:
| Protocol | Default port | When you see it |
|---|---|---|
| HTTP | 80 | Almost never (implied) |
| HTTPS | 443 | Almost never (implied) |
| Development | 3000, 8080 | Local development |
| Database | 5432, 3306 | Direct database connections |
You mostly see ports during development: localhost:3000 means "my own computer, port 3000."
Path: locating the resource
The path specifies which resource you want on the server:
/products/shoes/nike-air-maxIt's like folders on your computer. The server decides what to return for each path. RESTWhat is rest?An architectural style for web APIs where URLs represent resources (nouns) and HTTP methods (GET, POST, PUT, DELETE) represent actions on those resources. APIs use paths to organize endpoints logically:
| Path | What it returns |
|---|---|
/users | List all users |
/users/123 | Specific user with ID 123 |
/users/123/posts | Posts by user 123 |
Query parameters: sending extra data
Query parameters let you send additional information to the server:
?color=red&size=42&sort=priceThey start with ?, use key=value format, and multiple params are separated by &.
Common use cases:
| Use case | Example URL |
|---|---|
| Search | ?q=javascript+tutorial |
| Filters | ?category=books&price=low |
| Pagination | ?page=2&limit=20 |
| Tracking | ?utm_source=newsletter |
| Sorting | ?sort=date&order=desc |
URL encoding
Special characters in URLs must be "percent-encoded":
| Character | Encoded | Why |
|---|---|---|
| Space | %20 or + | Spaces aren't allowed |
& | %26 | Would confuse query params |
= | %3D | Would confuse key=value |
? | %3F | Would start new query string |
Working with URLs in JavaScript
// Parse a URL
const url = new URL('https://example.com/search?q=react&page=2');
console.log(url.protocol); // 'https:'
console.log(url.hostname); // 'example.com'
console.log(url.pathname); // '/search'
console.log(url.search); // '?q=react&page=2'
// Build a URL programmatically - much safer than string concatenation
const apiUrl = new URL('https://api.example.com/users');
apiUrl.searchParams.set('limit', '10');
apiUrl.searchParams.set('sort', 'name');
console.log(apiUrl.toString());
// 'https://api.example.com/users?limit=10&sort=name' https://api.example.com/users/${id}?page=${page} . This breaks when you deploy to a different environment (staging, production) and skips encoding special characters. Always use the URL and URLSearchParams` APIs to build URLs safely, and store base URLs in environment variables, not scattered across your codebase.FragmentWhat is fragment?A React wrapper (<></>) that groups multiple elements without adding an extra HTML node to the page.: browser-only navigation
The fragment (everything after #) is special, it's never sent to the server:
https://docs.example.com/guide#installationThe browser uses it for:
- Jumping to sections on the same page
- Single-page app routing (React Router, Vue Router)
- Tab navigation within a page
Because it's browser-only, you can't use fragments to send data to the server. They're purely for client-side navigation.
URL best practices
Do:
- Use HTTPSWhat is https?HTTP with encryption added, so data traveling between your browser and a server can't be read or tampered with by anyone in between. for anything involving passwords or personal data
- Keep URLs readable and meaningful
- Use query params for optional filters, not required data
- URL-encode special characters in values
Don't:
- Put sensitive data (passwords, APIWhat is api?A set of rules that lets one program talk to another, usually over the internet, by sending requests and getting responses. keys) in URLs, they get logged by servers and browser history
- Create extremely long URLs, they break in email clients and some systems
- Change URLs without redirects, you'll break bookmarks and SEO
Quick reference
| Part | Syntax | Sent to server? | Example |
|---|---|---|---|
| Protocol | https:// | Yes | HTTPS, HTTP, WS |
| Domain | example.com | Yes | Via DNS lookup |
| Port | :443 | Yes | 80, 443, 3000 |
| Path | /products/shoes | Yes | Resource location |
| Query | ?key=value | Yes | Filters, search, pagination |
| Fragment | #section | No | In-page navigation |