What Is a URL? How Web Addresses Are Built and How to Vet Them

URL stands for Uniform Resource Locator. Here's how a web address is structured, how it differs from a URI, and how to tell a safe link from a dangerous one.
We receive compensation from the products and services mentioned in this story, but the opinions are the author's own. Compensation may impact where offers appear. We have not included all available products or offers. Learn more about how we make money and our editorial policies.

The longer a web address gets, the more suspicious it might look to you. You might find yourself wondering, “Should I click this link that a random Discord account sent to me?” (The answer is usually “Oh God, no!”)

If you find yourself unsure which URLs are safe, you’re not alone. According to studies compiled by All About Cookies, 72% of U.S. adults aren’t really sure what web hosting is, suggesting that web technology in general is poorly understood.

But I’m here to break down what a URL is, what each part of a URL is for, and how to tell which ones are safe.

In this article
What is a URL?
The parts of a URL
URI vs. URL vs. URN
How a URL actually gets you to a website
How to tell if a URL is safe, and why AI is raising the stakes
Bottom line
FAQs

What is a URL?

URL stands for Uniform Resource Locator, and it’s the thing you type into your address bar (or click on) to reach a specific page, file, or server on the internet. They’re commonly called “web addresses” because nearly all things digital were once given names based on physical objects or concepts.

You know, like a street address.

As intimated above, URLs aren’t only used for accessing websites. Literally anything made accessible on the internet can be given a URL and thus accessed via a web browser or other appropriate software. Whether it’s a database halfway around the world, a video game server in a region near you, or the video you’re watching on YouTube in the background right now, your computer only knows how to find it because of the URL.

The parts of a URL

Let’s start with, oh, a purely random example: https://www.allaboutcookies.org/what-is-a-cookie

There’s actually a lot going on there, starting with the protocol. In networking, protocols are just shared sets of instructions that let both computers in a connection know what sort of data is being sent back and forth. The HTTP protocol (http://) establishes that the data contains web pages or related files. The HTTPS protocol (https://) says the same thing, but that all data sent back and forth is encrypted.

Basically, all reputable sites use HTTPS now. If they don’t, they lack a Secure Sockets Layer (SSL) certificate that proves the website is secure.

Learn more about the difference between HTTP and HTTPS in our guide.

The “www.” part is the subdomain. Subdomains are used to, among other things, host multiple websites on the same domain (e.g., mail.google.com). Next up is the domain name, which is the “name” of the website. The part that says “.com” or “.net” is the TLD, or Top Level Domain, and there’s an ever-growing list of those to choose from.

Now, after the TLD, you could also technically add a port number (e.g., .org:443), but those are usually implied by the protocol. After that comes the path (e.g.,/what-is-a-cookie), which points you at a specific page on a site.

After that, you might see an anchor like “#example-heading” which will take you to a particular part of the page, or a query/parameter like “?=example-data” which is used for scripting, or as an alternative to paths on some sites.

Part Example What it does
Protocol / scheme https:// Tells the browser how to talk to the server. HTTPS means the connection is encrypted; HTTP doesn't.
Subdomain www. A subdivision of the domain. Can route to separate sections or sites (e.g., mail.google.com).
Domain name allaboutcookies.org The site's registered name — its identity on the web.
Top-level domain (TLD) .org The extension at the end (.com, .net, .org, and a growing list).
Port (optional) :443 Which "door" on the server to connect through. Usually implied by the protocol, so you rarely see it.
Path /what-is-a-cookie Points to the specific page or file on the site.
Query / parameter (optional) ?ref=newsletter Passes extra data to the site — tracking, search terms, or scripting.
Anchor / fragment (optional) #history Jumps to a specific spot on the page.

URI vs. URL vs. URN

Alright, here’s where things get actually nerdy. In networking terms, every digital asset can theoretically be given a Uniform Resource Identifier to help you find it later. That could be a domain name like allaboutcookies.org, or the ISBN used to identify a particular book (e.g., ISBN 9780553212471).

A URL is a subtype of URI that specifically includes the protocol used to access the asset, e.g., https://allaboutcookies.org. Including the protocol turns it from a plain old URI into a URL. But it’s still a URI. Every URL is a URI, but not every URI is a URL.

A common metaphor likens a URL to including a thing’s address with its name. It’s an identifier combined with instructions on where to find it.

Lastly, there’s the URN, or Uniform Resource Name. This is also a subtype of URI, but it uses a very specific naming scheme. It always starts with “urn:”, followed by the rest of the identifier, like so: urn:isbn:9780553212471.

How a URL actually gets you to a website

So who decides which URL gets pointed where? Well, technically, we all do. Everyone who buys a domain decides where that domain name gets pointed. Usually, domain names are redirected to the IP address of the web server where your website or app is hosted. That IP address gets recorded and spread throughout the worldwide Domain Name System (DNS).

Then, when a user types your domain into their browser (or clicks on a link with your domain in it), the browser contacts whichever DNS server their device is configured to use. The DNS server translates the URL into the appropriate IP address behind the scenes, directing the user to your website.

How to tell if a URL is safe, and why AI is raising the stakes

So the main thing to look out for, in most cases, is the domain name. Again, in “https://allaboutcookies.org/what-is-a-cookie”, that would be the part that says “allaboutcookies.org”. Much of the skullduggery will happen there. Scammers often use domains that are spelled in very similar ways to those of real websites and apps to trick users, or they might use a different TLD.

For example: allaboutcookies.org and allaboutcookies.ong are not at all the same thing, but anyone could confuse the two if they were distracted or in a hurry.

Checking the URL is particularly important because scammers have long used lookalike phishing pages to steal credit card info from unwary users. Now, with the rise of ChatGPT and other AI-based coding agents, creating these lookalike pages takes all of a minute or two. Appearances can be deceiving, and just because there’s a padlock icon in your browser indicating HTTPS doesn’t mean a URL is safe. Anyone can use HTTPS, and scammers often do, now.

When in doubt, don’t click the link in your email telling you that there’s a problem in your account RIGHT NOW. Open the official app or website in another window, then log in from there.

Bottom line

So what is a URL? It’s just a web address. Once you learn how to read them, you’ll be able to spot risky links more easily, and even navigate the web in ways you couldn’t before.

No, seriously, I’ll sometimes edit the URL directly to access a page that someone linked with an obvious typo, or to refine search parameters when I’m searching a website for something specific. The point is that URLs aren’t hard to understand once you know their basic structure. Happy browsing!

FAQs

Why do some URLs start with "www" and others don't?

In days long past, almost every URL started with “www” because companies used to host all their internet stuff on the same server/domain. Companies would often also use “mail.company.com” or “portal.company.com” for internal use. “www” indicated that everything on that subdomain was intended for access via the World Wide Web (the internet).

Confused about the relationship between web hosting and domains? We break it down in our web hosting vs. domains guide.

Are URLs case-sensitive?

The domain name part of a URL (e.g., allaboutcookies.org) isn’t case-sensitive. But the part that comes after the domain, the path, and any extra queries or parameters baked into the URL (e.g., /what-is-a-cookie/) are often case-sensitive. It depends a little on how the site was built.

What's the difference between a URL and a hyperlink?

A URL, or Uniform Resource Locator, is the address used to locate a web page, file, or server on the internet. A hyperlink is an element of HTML (HyperText Markup Language, which powers all websites) that allows a user to click on part of a web page and go to a different URL.

For anyone who’s never seen what the underside of a website looks like, well, it looks like this: <a href=”allaboutcookies.org”>All About Cookies</a>. Learn more in our guide to web browsers.

Can clicking a link actually harm your device or steal your data?

In some cases, yes, clicking a link that contains malware can harm your device and steal data. When it comes to your device, clicking a link can sometimes trigger exploits that cause your browser to download a harmful program without you necessarily knowing. As for stealing your data, that usually happens after you’ve clicked a link and entered any of your info on a fake phishing page.

Always avoid clicking links in unsolicited emails, don’t download any attachments, and visit the official site yourself if you have any doubts. Learn more best practices in our guide to online safety.


4.8
Editorial Rating
Learn More
On Namecheap Domain Names's website
Domain Registration
Namecheap Domain Names
  • Top-rated domain registrar with .com deals starting at $6.79/yr and select TLDs for 99 cents the first year
  • Free WHOIS privacy and responsive customer support, exactly what you want the moment a DNS issue hits
  • Scored a perfect 5/5 in our hands-on review of its managed WordPress hosting, so you can register and host in one place
Author Details
Ezequiel Bruni has spent more than 12 years building websites and writing about web technology — a combination that lends credibility to his hosting reviews that most reviewers can't match. At All About Cookies, he conducts hands-on testing and has authored more than 36 reviews, comparisons, and buyer's guides covering web hosting, web building, and domains. His work has appeared in Web Designer Depot and Website Planet, and he is an active contributor to the Rocky Linux open-source project.