Back to Tutorials
INTERNET BASICS

Understanding URLs and Domain Names

15 min read Beginner

Every time you visit a website, you type or click on something called a URL. But have you ever stopped to think about what those letters and symbols actually mean? Understanding URLs and domain names is one of the most fundamental skills for navigating the internet safely and effectively. In this tutorial, we will break down every component so you know exactly what you are looking at in your browser's address bar.

What Is a URL?

URL stands for Uniform Resource Locator. Think of it as the complete address of a specific resource on the internet -- much like a street address tells you how to find a particular building. Every web page, image, video, and downloadable file has its own unique URL.

When you type a URL into your browser's address bar and press Enter, your browser uses that address to locate and retrieve the resource you want. Without URLs, we would have no standardized way to find anything on the web.

Here is an example of a complete URL:

https://www.example.com:443/products/shoes?color=red&size=10#reviews

That might look complicated, but once you understand each part, it becomes second nature to read and interpret any URL you encounter.

The Parts of a URL

Every URL is made up of several components. Not all of them are always present, but understanding each one will give you a complete picture. Let's break down our example URL piece by piece.

1. Protocol (Scheme)

https://

The protocol tells your browser how to communicate with the server. The two most common protocols you will encounter are:

  • HTTP (HyperText Transfer Protocol) -- The original protocol for web communication. Data is sent in plain text, which means it can potentially be intercepted and read by others.
  • HTTPS (HTTP Secure) -- The encrypted version of HTTP. The "S" stands for Secure. Data is encrypted during transfer, making it much harder for anyone to intercept and read your information.
Tip: Always look for https:// when entering sensitive information like passwords, credit card numbers, or personal data. Most modern browsers will display a padlock icon next to the URL when the connection is secure.

You may also encounter other protocols like ftp:// (File Transfer Protocol) for downloading files from servers, or mailto: for email links, but HTTP and HTTPS are by far the most common on the web.

2. Domain Name

www.example.com

The domain name is the human-readable address of the website. We will explore domain names in much more detail in the next section. For now, know that this is the part that identifies which server on the internet hosts the resource you want.

3. Port Number

:443

The port number specifies which "door" on the server to connect to. Think of the server as a building with many doors, each leading to a different service. You rarely see port numbers in everyday browsing because browsers use default ports automatically: port 80 for HTTP and port 443 for HTTPS. You will usually only see a port number when accessing development servers or specialized services.

4. Path

/products/shoes

The path points to a specific resource on the server, similar to how a file path on your computer points to a specific file within folders. In this example, we are navigating to the "shoes" section within the "products" category. Paths use forward slashes (/) to separate directories, much like folders on your computer.

5. Query String

?color=red&size=10

The query string begins with a question mark (?) and contains key-value pairs separated by ampersands (&). These pass additional information to the server, often used for filtering search results, specifying product options, or tracking where you came from. In our example, we are asking for shoes that are red and size 10.

6. Fragment (Anchor)

#reviews

The fragment starts with a hash symbol (#) and points to a specific section within the page. When you click a link that includes a fragment, your browser will scroll directly to that section. Unlike the other parts, the fragment is handled entirely by your browser and is never sent to the server.

Understanding Domain Name Structure

Domain names have their own internal structure that is worth understanding. Let's look at a typical domain name and break it apart:

    mail.google.com
    |     |      |
    |     |      +-- Top-Level Domain (TLD)
    |     +--------- Second-Level Domain (SLD)
    +--------------- Subdomain

Top-Level Domain (TLD)

The TLD is the last part of the domain, appearing after the final dot. Common TLDs include:

  • .com -- Commercial (the most common; used by businesses and general websites)
  • .org -- Organization (often used by nonprofits)
  • .net -- Network (originally for networking companies, now general use)
  • .edu -- Education (restricted to accredited educational institutions)
  • .gov -- Government (restricted to U.S. government entities)

There are also country-code TLDs like .uk (United Kingdom), .ca (Canada), .de (Germany), and .jp (Japan). In recent years, hundreds of new TLDs have been introduced, such as .app, .shop, .blog, and .tech.

Second-Level Domain (SLD)

The SLD is the name directly to the left of the TLD. This is the main identity of the website -- the part you choose when you register a domain. In google.com, "google" is the second-level domain. This is typically the brand name or the most recognizable part of the address.

Subdomain

A subdomain appears to the left of the SLD and is used to organize different sections or services of a website. The most common subdomain is www, but you will also see things like mail.google.com, docs.google.com, or support.apple.com. Website owners can create as many subdomains as they want without registering new domains.

How DNS Works (The Simple Version)

You might be wondering: if computers communicate using numbers (IP addresses like 142.250.80.46), how do they know where to go when you type a word-based domain name? The answer is the Domain Name System (DNS), often called the "phone book of the internet."

Here is what happens when you type a URL into your browser, in simplified steps:

  1. You type the URL -- For example, www.example.com.
  2. Browser checks its cache -- Your browser first checks if it has recently looked up this domain and still has the IP address stored locally.
  3. Operating system cache -- If the browser doesn't have it, it asks your operating system, which may also have it cached.
  4. DNS resolver query -- If neither cache has it, the request goes to a DNS resolver, usually operated by your Internet Service Provider (ISP) or a service like Google DNS or Cloudflare DNS.
  5. The resolver finds the IP address -- The resolver queries a chain of DNS servers (root servers, TLD servers, and authoritative servers) to find the IP address associated with the domain name.
  6. Connection established -- Your browser now has the IP address and connects to the correct server to load the website.

This entire process typically takes just milliseconds. The caching at each step means frequently visited websites load even faster because the translation has already been done recently.

Tip: You can see the IP address behind any domain name by opening a terminal or command prompt and typing nslookup example.com. This performs a DNS lookup and shows you the associated IP address.

Recognizing Safe URLs

One of the most practical reasons to understand URLs is so you can protect yourself from phishing attacks and malicious websites. Here are key tips for evaluating whether a URL is safe before you click or enter information:

Check the Domain Carefully

Attackers often create domains that look similar to legitimate ones. Watch out for:

  • Misspellings: g00gle.com (zeros instead of o's) or gooogle.com (extra letter)
  • Misleading subdomains: google.com.evil-site.net -- This looks like Google but actually belongs to evil-site.net. Always look at the SLD and TLD together (the part just before and including the last dot).
  • Character substitution: Some characters from other alphabets look identical to English letters. The Cyrillic letter "a" looks like the Latin "a" but is a different character, allowing attackers to register what appears to be a known domain.
Warning: Never trust a URL based solely on how it looks in a link. Hover over links (without clicking) to see the actual URL your browser will visit. The displayed text of a link can say anything -- it is the actual URL destination that matters.

Look for HTTPS

While HTTPS alone does not guarantee a site is legitimate (attackers can also get SSL certificates), the absence of HTTPS on a site asking for personal information is a strong red flag. Legitimate banks, stores, and services always use HTTPS.

Be Wary of Long, Complex URLs

If a URL has an unusually long and complicated structure with many random characters, it could be an attempt to hide the true destination. Legitimate URLs tend to be clean and readable. A shortened URL (like those from bit.ly or tinyurl.com) can also mask a dangerous destination -- use a URL expander service to check where short links actually lead.

Check the TLD

Be cautious of unusual TLDs, especially if you are expecting a well-known website. If your bank normally uses .com, a link from them ending in .xyz or .info should raise suspicion.

Key Takeaways

  • A URL is the complete address of a resource on the internet, made up of a protocol, domain, optional port, path, query string, and fragment.
  • Domain names have a hierarchical structure: subdomain, second-level domain, and top-level domain.
  • DNS translates human-readable domain names into machine-readable IP addresses.
  • Always check the protocol (HTTPS) and carefully examine the domain name before entering sensitive information.
  • Hover over links to verify their true destination before clicking.

Understanding URLs is your first line of defense on the internet. Now that you can decode any address bar, you are better equipped to browse safely and recognize when something is not right.

All Tutorials Next: Effective Web Searching