WWW vs not using WWW

Should I put www. in front of my website?

The short answer is no, but you should add in a redirect from the www version to the non-www version of the website

But Google and Facebook do it

This is for security reasons that only exist under special circumstances that apply only to larger companies and companies that allow customers to build add their own websites/code snippets. I’ll more in depth into this later, if you really want to know the full explanation.

How do I redirect people who type in www to the non-www version?

Method A)

Have your web developer add the following to the .htaccess file:

RewriteEngine On
RewriteCond %{HTTP_HOST} ^www\.(.*)$ [NC]
RewriteRule ^(.*)$ https://%1/$1 [R=301,L]

Method B)

Install the Redirection plugin. Then under tools > redirection > site apply the following settings:

Under Canonical Settings change the preferred domain to "Remove www from domain". It's also probably a good idea to force http to https while your at it too.

Why exactly should I not be using www

You can. Nothing bad will happen, but why do it? It’s an outdated con, and nowadays everyone is used to the www not being there. It’s only unnecessary fluff. Browsers have even begun hiding the www in the URL bar (although it still appears when you copy and paste it for websites still using www).

Why is WWW a thing in the first place?

Let me first explain what www is. It’s nothing special, just a subdomain. You know of subdomains, for example images.google.com, news.google.com, etc. In images.google.com, images is the subdomain. Although no one does this, just like how images.google.com and google.com show different pages, google.com and www.google.com could be made to show different pages. It’s only by convention that www.example.com and example.com will show the same page.

We didn’t always do things this way though. History lesson. Before the internet came along and connected everything together, websites still existed, but were only accessible by people within the same building(s). They were created for internal use within large organizations. And the internet started connecting businesses together, the idea was that these large organizations could continue to use their internal website, and then they could have a separate website prefixed with www for the rest of the world to see. With the rest of the world being a few other businesses and universities. In this setting it made since to have the www and non-www websites go to separate pages.

As the internet continued to grow we kept the convention of adding www in front of websites, and we got used to seeing ads that told us the name of websites with www in front. But things slowly changed, and if you are remembering this time and think there is something special to having a www, you need to get with the times. Nowadays the convention is not to use www, and for legacy purposes we redirect the www version to the non-www version to ensure we don’t loose traffic to anyone who tries to type in the website with a www in front.

But you did mention there are still some times when www is important

Yes, there is one security caveat that applies to larger business. It has to do with cookies. You may not want a subdomain such as images.google.com from being able to mess with the cookies of google.com. In a business with thousands of employees such as Google you wouldn’t want any employee to be able to accidentally or purposefully open up a loophole in some code that allows someone to mess with the cookies of google.com. By using www.google.com, Google only has to worry about making sure the employees who work on the actual search engine are keeping google.com cookies stores safe.

But there is a much larger problem than that. It’s not just employees, it’s actually anyone in the world. Google allows anyone in the world to create a websites at a subdomain of sites.google.com. These user controlled websites are able to read cookies stored at google.com. Fortunately, Google does not store any cookies at all on google.com, instead, it redirects people to www.google.com and stores cookies there.

For these reasons, when your business gets to a significant size, your head of security, that you will have when you get to that size, may decide that it is best to switch to using www. Even if you have a service offering similar to sites.google.com, there are actually other security concerns that would make you want to use a completlely different domain name such as googlesite.com instead of site.google.com. Google just has a large security team to help out with all of the other concerns, concerns they have to handle anyways because they don’t trust their own own employees. (With thousands of employees you have to assume there will be some rotten apples.)

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.