Did you know that HTTP is an API? It's true! Everytime you visit a website, your browser sends a HTTP request to some server.
Here's the request that your computer sent to my server when you visited this page.
{
"URL": "/wwo24/api/",
"Protocol": "HTTP/2.0",
"Method": "GET",
"IP Address": "18.97.9.170",
"Referer": "",
"Body": "",
"Headers": {
"Accept": [
"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8"
],
"Accept-Encoding": [
"br,gzip"
],
"Accept-Language": [
"en-US,en;q=0.5"
],
"User-Agent": [
"CCBot/2.0 (https://commoncrawl.org/faq/)"
]
},
"Cookies": "[]"
}
This may seem like gobbledygook to you, so let's break down some of the more interesting information!
-
IP Address
Your request gives me access to your IP address. Yours is 18.97.9.170.
With your IP Address, I get access to information about your ISP (internet provider), and whatever information your ISP wants to share about your location.
The location usually isn't very accurate, sometimes only granular to your country or state, but sometimes it can point to a city or neighborhood.
You can use a bunch of third party sites to look up information about an IP Address.
Click the button below to make an API call to https://ipapi.co/ to learn what info is associated with your IP Address!
-
User-Agent
User-Agent is the field that contains information about what kind of browser and computer you were using.
Your user agent is "CCBot/2.0 (https://commoncrawl.org/faq/)"
User Agents are usually kinda long and hard to read, but you should be able to pick out some relevant info!
-
Cookies
Cookies are pieces of information that a website can place in your browser, that automatically gets sent to the web server on every request.
The cookies on your request are: []
If this is the first time you've visited the page, you should see an empty list. If it's the second, you'll see a cookie called have-i-been-here-before that I set on your browser the first visit! Refresh to see it.
Cookies are unique to your browser -- they are stored to your computer's hard drive.
Cookies were originally intended to store useful information like login info. When you signed in to a websiite with your username and password, the site would store a cookie on your computer saying that you'd logged in. The next time you visited the website, your browser would pass that cookie, and you could skip the login step.
Unfortunately, ad companies started used cookies to track you across websites (evil). In response, the EU passed GDPR: widesweeping legislation designed to give people their data privacy back.
This was a good idea executed poorly. GDPR is rarely enforced, esp. against the big international companies that are most effective at tracking you. Additionally, websites trying to comply with GDPR created the annoying "Accept Cookies?" popups that now spam the internet.
In 2020, Google announced it was going to kill tracking cookies (by disabling them in Google Chrome and IE Edge), but they appear to have backed out of that idea.
See this article from Ghostery to learn more about tracking cookies: https://www.ghostery.com/blog/what-are-tracking-cookies
So yeah, there's a brief overview of some of the info that web servers collect when you visit their website.
In the day to day, none of it is too damaging, but it's good to be aware of all the same. And in the aggregate, at large scale, it allows ad companies (Google, Facebook) to track us across the web.
VPNs can be used to hide your IP and make it harder to track you. Just be careful about which VPN you sign up for, because they get all the info the webserver's normally do.
To end on a happy note though... here's the Cookie Monster!