URL Anatomy 101

  • Full structure: protocol://subdomain.domain.tld:port/path?query=params#fragment
  • Max length: 2,083 chars (IE limit)—most browsers handle 64KB, but keep URLs under 2K for safety
  • Encoding: Spaces become %20 or +, special chars get percent-encoded (é → %C3%A9)

URL Components Explained

  • Protocol: http, https, ftp, mailto, tel—tells browser HOW to fetch the resource
  • Subdomain: www, api, blog, mail—organizes services under one domain
  • Domain: The registered name you pay for (google, amazon, github)
  • TLD: Top-level domain (.com, .org, .io, .co.uk)—this tool handles multi-part TLDs!
  • Port: Optional—defaults are 80 (http) and 443 (https)
  • Path: /folder/page.html—the resource location on the server
  • Query: ?key=value&key2=value2—parameters passed to the server
  • Fragment: #section—client-side only, jumps to page anchor (not sent to server!)

Query Parameter Secrets

  • UTM params: utm_source, utm_medium, utm_campaign—tracking where traffic comes from
  • Pagination: ?page=2&limit=20—standard for API results
  • Sorting: ?sort=price&order=asc—common API pattern
  • Filtering: ?category=electronics&brand=apple—narrow down results
  • Auth tokens: ?token=abc123—sometimes in URL (not recommended for security!)

Developer Use Cases

  • Debug API calls: Paste a failing URL to see exactly what params are being sent
  • Build query strings: Understand structure before constructing URLs programmatically
  • Decode tracking links: See what UTM parameters are hiding in marketing URLs
  • Parse OAuth callbacks: Extract code, state, and error params from redirect URLs
  • Analyze affiliate links: See what tracking IDs are embedded

Interesting URL Facts

  • First URL ever: http://info.cern.ch (still works! Try it)
  • Longest TLD: .cancerresearch (16 chars) and .travelersinsurance (19 chars)
  • Most expensive domain: Cars.com sold for $872 million (2014)
  • Punycode: International domains like 中国.com become xn--fiqs8s.com
  • Data URLs: data:text/html,<h1>Hello</h1> is a valid URL that renders HTML!

URL Security Considerations

  • HTTPS everywhere: HTTP URLs expose all data including query params to network observers
  • Don't put secrets in URLs: Query params appear in browser history, server logs, and referer headers
  • Watch for open redirects: ?redirect=evil.com can be abused for phishing
  • Validate thoroughly: Malformed URLs can crash parsers or enable injection attacks
  • Shorten carefully: Shortened URLs hide the destination—preview before clicking unknown links

Multi-Part TLDs This Tool Handles

  • Country-specific: .co.uk, .com.au, .co.jp, .com.br, .co.nz
  • Government: .gov.uk, .gov.au, .gc.ca
  • Academic: .ac.uk, .edu.au
  • Why it matters: shop.example.co.uk → subdomain=shop, domain=example, TLD=co.uk (not uk!)