Jake Archibald and Surma

Humans can't read URLs. How can we fix it?


Jake leads this HTTP 203[1] episode with his reflections about current URL display practice in browsers, and how it could be improved, at least for security.

For advanced Web users like me, the request part of the URL helps locate the current page in the site, if there's a nice logic in the URL[2]:

2 URL examples, where the first one shows a nice content hierarchy

Safari unfortunately hides this request part, even on desktop:

How browsers show URLs

For users with no technical knowledge about the URL structure, being able to detect phishing attempts immediately would be a huge security improvement:

Phishing attempts are more obvious in Firefox

That's why I really like what Jake suggests, as it makes the eTLD+1 obvious for security, but keeps the full URL alongside it, if there's enough space:

Jake's suggestion to improve URL security

One thing Jake and Surma didn't talk about, though, is how the Public Suffix List that Mozilla maintains can grow without hurting browsers' performance, like with the HSTS Preload list.
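To make the eTLD+1 idea concrete, here is an added example (not code from the episode or from any browser) that applies the Public Suffix List matching rules (longest match, wildcard, exception) to split a host into the part to highlight and the rest. The rule set is a small constructed subset, and the function names and sample URLs are assumptions made for illustration.

```javascript
// Added example: constructed subset of Public Suffix List rules (the real list is far longer).
const RULES = new Set(["com", "uk", "co.uk", "github.io", "*.ck", "!www.ck"]);

// Number of trailing labels that form the public suffix (eTLD) of a hostname.
function suffixLength(labels) {
  let best = 1; // implicit default rule "*": the last label alone is a suffix
  for (let i = 0; i < labels.length; i++) {
    const candidate = labels.slice(i).join(".");
    const n = labels.length - i;
    // An exception rule wins outright: the suffix is the rule minus its first label.
    if (RULES.has("!" + candidate)) return n - 1;
    if (RULES.has(candidate)) best = Math.max(best, n);
    // A wildcard rule "*.x" also covers any single label in front of x.
    if (i > 0 && RULES.has("*." + candidate)) best = Math.max(best, n + 1);
  }
  return best;
}

// Split a URL's host into the part to de-emphasise and the eTLD+1 to highlight.
function splitHost(url) {
  const host = new URL(url).hostname.replace(/\.$/, "");
  // IP literals have no registrable domain: highlight the whole host.
  if (/^[\d.]+$/.test(host) || host.startsWith("[")) return { dimmed: "", highlight: host };
  const labels = host.split(".");
  const keep = suffixLength(labels) + 1; // eTLD plus one more label
  if (labels.length < keep) return { dimmed: "", highlight: host }; // host is itself a suffix
  return {
    dimmed: labels.slice(0, -keep).join("."),
    highlight: labels.slice(-keep).join("."),
  };
}

// Text rendering of the idea: the eTLD+1 in brackets, the rest of the URL kept around it.
function display(url) {
  const { dimmed, highlight } = splitHost(url);
  const { pathname, search } = new URL(url);
  return (dimmed ? dimmed + "." : "") + "[" + highlight + "]" + pathname + search;
}

// Constructed sample URLs; the second is a lookalike host of the kind the post describes.
for (const u of [
  "https://blog.example.co.uk/2020/05/some-post/",
  "https://www.mybank.co.uk.account-check.example/signin",
  "https://alice.github.io/project/",
]) console.log(display(u));
```

The second sample shows why the split matters: the familiar-looking `www.mybank.co.uk` is only a subdomain prefix, and the domain actually in control is `account-check.example`.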


  1. HTTP 203 is a great show where « Google Developers Jake Archibald and Surma discuss their philosophies about web development and the various aspects of it, meanwhile dropping in lifehacks, lessons and some honest truths ». ↩︎

  2. Like I try on this site… 😉 ↩︎

17 Webmentions

10 likes

4 replies

  1. Jake Archibald
    this is a great round-up!
  2. Nicolas Hoizey
    Thanks. 😉
  3. Kaustubh Joshi
    Nice quick read
  4. Julianoe ✏️
    Deleting urls is a wet dream for google/Facebook as they could keep a better grip on the users and how they can access content.

3 mentions

  1. Jeremy Keith
    Last month I wrote some musings on default browser behaviours. When it comes to all the tasks that browsers do for us, the most fundamental is taking a URL, fetching its contents and giving us the results. As part of that process, browsers also show us the URL of the page currently loaded in a tab or window.

    But even at this fundamental level, there are some differences from browser to browser.

    Safari only shows you the domain name—and any subdomain names—by default. It looks like nice and tidy, but…
  2. https://medium.com/@adactio/incrementurl-f7b2d6878b18?source=rss------...
  3. https://medium.com/@adactio/incrementurl-f7b2d6878b18?source=rss-52712...