URL Fundamentals: Review Questions

Self-Study & Discussion

These questions cover the 16 sections of the URL Fundamentals overview and are organized by topic clusters. No answers are provided — the goal is to test your understanding of URL concepts and their practical implications, not to memorize facts.

The questions mix conceptual understanding, scenario-based judgment, and common misconceptions.

Cluster 1: Definitions & Anatomy (Sections 1–2)

  1. Explain the difference between a URI, a URL, and a URN. In everyday web development, which one do you work with almost exclusively?
  2. A colleague says "a URN like urn:isbn:978-0-13-468599-1 is a URL." What's wrong with this statement?
  3. Given the URL https://api.example.com:8080/users/search?role=admin&active=true#results, identify each of the five components and explain what each one tells the browser.
  4. Which URL components are required for every web URL, and which are optional? What is the minimum valid web URL you can construct?

Cluster 2: The Five Components (Sections 3–7)

  1. Why should new websites always use https:// instead of http://? Name at least three things that HTTPS enables beyond encryption.
  2. A developer's site works perfectly on their Mac but returns 404 errors on the Linux production server for some pages. The URLs look correct. What is the most likely cause?
  3. Explain why you should never put passwords, API keys, or personal information in query strings. Name at least three places where query strings are exposed.
  4. What is unique about the fragment identifier compared to all other URL components? How did this property lead to hash-based routing in early single-page applications?
  5. A junior developer sets up a development server on port 3000 and links to it as http://localhost/app. The page doesn't load. What's wrong, and why is the port necessary in this case but not for https://example.com/app?
  6. Your app uses the URL https://shop.example.com/products?category=electronics&brand=sony&price_max=500. A user shares this link with a colleague. What will the colleague see, and why is this a good use of query parameters?

Cluster 3: Relative URLs & Encoding (Sections 8–9)

  1. Given a page at https://example.com/blog/posts/article.html, resolve each of these relative URLs to their absolute form: other.html, ../about.html, /styles/main.css, ../../contact.html.
  2. A developer uses <base href="https://cdn.example.com/assets/"> in their HTML. Now their <a href="#section2"> links navigate away from the current page. Explain why and how to fix it.
  3. Why are protocol-relative URLs (starting with //) considered an outdated pattern? What problem were they originally designed to solve?
  4. A developer builds a search URL by concatenating strings: '/search?q=' + userInput. If the user searches for "cats & dogs", what goes wrong? What's the correct approach?
  5. Explain the difference between encodeURI() and encodeURIComponent(). When would using the wrong one cause a bug? Give a concrete example.

Cluster 4: Data URIs, State & Security (Sections 10–12)

  1. When would you use a data URI instead of linking to a separate file? When would a data URI be a bad choice? Explain the trade-off in terms of HTTP requests vs. file size.
  2. A colleague stores the user's authentication token in the URL as a query parameter: /dashboard?token=abc123. List at least four ways this token could be leaked, and suggest a better approach.
  3. Explain the difference between history.pushState() and history.replaceState(). When would you use each one?
  4. A web application has a login page that redirects users after authentication: /login?redirect=/dashboard. An attacker changes this to /login?redirect=https://evil.com. What attack is this, and how should the application defend against it?
  5. What is the "shareability test" for URL state? Give an example of state that belongs in the URL and state that does not.

Cluster 5: Design, Interfaces & the JS API (Sections 13–15)

  1. Tim Berners-Lee argues that "cool URIs don't change." What are the three most common reasons URLs break, and how can you design URLs to avoid these problems?
  2. Evaluate these two URLs for the same resource: /cgi-bin/display.pl?id=42 vs. /articles/42. Which is better and why? What happens when the company migrates from Perl to Python?
  3. Explain the "Phone Test" for URL design. Apply it to these URLs and determine which passes: /p/RS-42X?ref=nav vs. /products/running-shoes.
  4. Using the JavaScript URL API, write code to: (a) parse a URL and extract the hostname, (b) add a query parameter, and (c) validate that a user-provided string is a safe HTTP/HTTPS URL. Why is this better than string manipulation?
  5. A website changes from /blog/posts/my-article.php to /blog/my-article. What HTTP status code should the old URL return, and why? What happens to search engine rankings and existing bookmarks if this is handled correctly vs. incorrectly?