angle-uparrow-clockwisearrow-counterclockwisearrow-down-uparrow-leftatcalendarcard-listchatcheckenvelopefolderhouseinfo-circlepencilpeoplepersonperson-fillperson-plusphoneplusquestion-circlesearchtagtrashx

Why your website canonical name must be 'www' (or 'app' or something else)

A website URL starting with 'www' prevents visitor data (cookies) being send to unintended destinations.

27 November 2020 Updated 27 November 2020
post main image
https://unsplash.com/@volcanono

I know, there are many articles about this subject. But I thought it was useful to write a post about this because I did not know all the details.

I assume your website can be accessed from the internet using a 'without-www' URL and a 'with-www' URL. This article is not about selecting a website URL for marketing purposes. Even if you are using a 'with-www' URL for your website, you can still communicate the 'without-www' URL to your audience.

Instead, this article is about the technical implications of using a 'www' prefix or no prefix at all.

Definitions

Domain name A domain name is the unique name that identifies an entity like a website on the internet. A domain name always has two or more parts separated by dots.

Web address or URL Web address or URL is a location of a entity on the internet. This can be a file, a web page, a website.

Domain apex A domain apex is a root of a domain. For example, example.org is a domain apex. And www.example.org, mail.example.org are called subdomains of example.org. A domain apex is also called a base, bare, or naked domain.

Canonical name A canonical name, also referred to as a CNAME record, is a DNS record that defines a host name of a computer or server. It is used to add a prefix like 'www' to a root domain.

Domain Name System (DNS) The Domain Name System, or DNS, is a decentralized system for computers connected to the internet. It is often called the phone book of the internet. Its most important function is the translation of a URL into an IP address. This is done by name servers.

Name server Name servers are part of the Domain Name System (DNS).If someone changes DNS-records on a name server then these changes are propagated to all name servers part of the DNS. They perform the actual translation from URL into IP address.

What happens when you type a URL in your browser

Before going into details let's summarize how a web page is shown on your screen. The URL you type in your browser, is send to a name server. The name server translates this into an IP address and return this to your browser. Your browser connects to this IP address and fetches the resource, often a web page.

The data that is shown in the browser is typically selected by three or four systems:

  • The Domain Name System (DNS)
  • (optional) A proxy server
  • The web server, for example Nginx, Apache
  • The web application

The translation of the URL into IP address is done by one or more DNS records.

The optional proxy server is an intermediary server that separates website(s) from the internet. To keep it simple I will assume there is no proxy server in our connection.

The web server can be configured several ways. It can redirect, or rewrite, a URL 'without-www' to a URL 'with-www', or vice versa. It can also redirect, or rewrite, HTTP to HTTPS.

The web application receives the URL from the web server, processes it, and returns to the web server the data of the requested resource, a file or web page. Finally, the web server returns this data to the browser.

Redirection: to 'without-www', to 'with-www', or no redirection

Of course your website must be accesible from a URL and most websites support a 'without-www' URL and 'with-www' URL. But what about redirection?

No redirection

I like the no redirection case because it is WYSIWYG (What You See Is What You Get), meaning that when the page is loaded, the URL in the browser starts with what you typed in the browser. It is confusing if you type a 'with-www' URL and it changes to a 'without-www', or the other way around. I never liked a computer automatically changing things for me ... 

Checking some websites on the internet I found that only a few websites kept the URL as typed by the visitor in the browser, 'with-www' stayed 'with-www', and 'without-www' stayed 'without-www'. There are not many, so this is probably not a good idea, why did they choose to do this anyway, there must be a reason?
From a SEO (Search Engine Optimization) perspective this certainly is not the best solution. Your website can have entries in search engine databases 'with-www' URLs and 'without-www' URLs.

Redirection to 'without-www' URL

In this case when you type a 'with-www' URL, the web address in your browser changes to the 'without-www' URL. Some examples of 'without-www' websites:

  • twitter.com
  • github.com
  • stackoverflow.com

This means that some top sites redirect to a 'without-www' URL. It is shorter, looks modern, nicer, in the browser. Is that the reason why they have chosen to do it this way?

Redirection to a 'with-www' URL

In this case when you type a 'without-www' URL, the web address in your browser changes to the 'with-www' URL. Some examples of 'with-www' websites:

  • www.nytimes.com
  • www.python.org
  • www.apple.com

It appears that most top sites redirect to a 'with-www' URL. This looks old-fashioned or is there a very good reason for this?

Hiding 'www' in the browser

Recently popular web browsers like Chrome and Safari started hiding the 'www' part of a URL. The explanation from Google is that they 'want to make URLs easier to read and understand, and to remove distractions', see links below.

But wait, this probably means that the top sites have no intention of using 'without-www' URLs but stick with 'with-www' URLs. What is going on here?

Why most top websites redirect 'without-www' URLs to 'with-www' URLs

Finally we are getting somewhere. Most websites redirect 'without-www' URLs to 'with-www' URLs for one or more of the following reasons:

Cookies

For website owners the most important reason is what happens with cookies. For a 'with-www' URL a cookie is sent to the 'www' subdomain only.

For a 'without-www' URL the cookie is shared by all subdomains. The cookie data is sent with every request and response whether a subdomain uses this data or not.

Why is this important?

If you have a subdomain, static.example.com, storing your images, javascripts and stylesheets, the cookie will always be sent to that domain. Worst, if you use an external CDN (Content Delivery Network) on a URL like static.yourdomain.com then it can be impossible to prevent the cookie going there.

Also a cookie holds data from your website visitor meaning that you create a privacy problem and a possible security leak if you do not take measures to prevent this.

Flexibility, availability

There is another reason and that has to do with flexibility, availability. But this only applies if you are using the DNS service of the provider where you host your website, see links below.

DNS-records setting and web server redirection

Now we know that we always should have a 'with-www' URL for our website, how do we do this?

For the DNS records there are two ways:

A-record and CNAME-record:

 Type  | Host             | Data
-------+------------------+-------------
 A     | example.org      | 192.0.1.2
 CNAME | www.example.org  | example.org

Or, two A-records:

 Type  | Host             | Data
-------+------------------+-------------
 A     | example.org      | 192.0.1.2
 A     | www.example.org  | 192.0.1.2

We must also tell the web server to redirect 'without-www' URLs to 'with-www' URLs. An example of redirection with Nginx is:

  if ($http_host = "example.org") {
    rewrite ^ $scheme://www.example.org$request_uri? permanent;
  }

Summary

The title of this article says that your website canonical name must be www (or app or something). This is because you typically use a CNAME record, or Canonical Name record, to set the 'www' subdomain.

Using a 'with-www' URL for your website makes it possible to serve static resources from a cookieless domain reducing data transfers. Using a 'with-www' URL for your website also prevents possible privacy and security problems of your visitor (cookie) data.

Links / credits

Choosing between www and non-www URLs
https://developer.mozilla.org/en-US/docs/Web/HTTP/Basics_of_HTTP/Choosing_between_www_and_non-www_URLs

Domain IP address for www and non-www for Canonical URL
https://stackoverflow.com/questions/19566856/domain-ip-address-for-www-and-non-www-for-canonical-url

Issue 883038: Feedback: Eliding www/m subdomains
https://bugs.chromium.org/p/chromium/issues/detail?id=883038#c114

To WWW or not WWW
https://www.netlify.com/blog/2017/02/28/to-www-or-not-www/

Why a domain’s root can’t be a CNAME — and other tidbits about the DNS
https://www.freecodecamp.org/news/why-cant-a-domain-s-root-be-a-cname-8cbab38e5f5c/

Leave a comment

Comment anonymously or log in to comment.

Comments (2)

Leave a reply

Reply anonymously or log in to reply.

avatar

Very clear and useful. Thanks.

avatar

Another brilliant and helpful post. Thanks! Why don't you include an About on your blog? Can't seem to locate it.