Website Glossary
Key website, SEO, DNS and security terms explained in plain English.
3
A permanent HTTP redirect that tells browsers and search engines a page has moved to a new URL, passing SEO authority to the destination.
A 302 redirect is a temporary HTTP redirect that tells browsers and search engines a page has moved temporarily, preserving the original URL in the search index.
4
An HTTP status code indicating that the requested page or resource could not be found on the server.
5
An HTTP status code indicating an unexpected condition on the server prevented it from fulfilling the request.
A
A DNS record type that maps a domain name to an IPv4 address, directing browsers to the correct server.
A DNS record that maps a domain name to an IPv6 address, the modern successor to IPv4.
An Application Programming Interface is a set of rules and protocols that allows different software applications to communicate with each other.
B
A backlink is a hyperlink from one website pointing to another, and it is one of the most important signals for search engine ranking authority.
Bandwidth is the maximum rate of data transfer across a network path, typically measured in bits per second (Mbps or Gbps).
An attack that tries every possible combination of passwords or keys until the correct one is found.
C
Certification Authority Authorisation — a DNS record that specifies which Certificate Authorities are permitted to issue SSL certificates for a domain.
A challenge-response test used to determine whether a user is human or an automated bot.
A Content Management System is software that enables users to create, manage and publish digital content without requiring technical coding knowledge.
A DNS record that creates an alias pointing one domain name to another domain name rather than directly to an IP address.
Cross-Origin Resource Sharing — a browser mechanism that controls which external domains can make requests to a web server's API.
Cross-Site Request Forgery — an attack that tricks a logged-in user's browser into sending an unwanted request to a web application.
Cascading Style Sheets is the language used to describe the visual presentation of HTML documents — layout, colours, fonts and animations.
A cache is a temporary storage layer that saves copies of data or resources so future requests are served faster without regenerating or re-fetching them.
A canonical URL is the preferred version of a webpage, specified with a rel=canonical tag to prevent duplicate content issues in search engines.
A trusted organisation that issues, validates and revokes digital certificates used to verify website identities in HTTPS connections.
A CDN is a globally distributed network of servers that caches and delivers web content from locations close to the end user, reducing latency.
An HTTP security header that restricts which resources a web page can load, dramatically reducing the risk of XSS attacks.
A small piece of data stored in the browser by a website, used to remember user preferences, login sessions and tracking information.
Core Web Vitals are three Google metrics — LCP, INP and CLS — that measure real-world loading performance, interactivity and visual stability of web pages.
D
Distributed Denial of Service — an attack that floods a server with traffic from many sources to make a website unavailable.
DomainKeys Identified Mail — an email authentication method that adds a cryptographic digital signature to outgoing emails.
Domain-based Message Authentication, Reporting and Conformance — a policy that instructs receiving mail servers how to handle emails that fail SPF or DKIM checks.
Domain Name System — the internet's distributed directory that translates human-readable domain names into IP addresses.
The process by which updated DNS records spread across DNS servers worldwide — typically taking 24 to 48 hours to complete.
A server that receives DNS queries from clients and recursively queries other DNS servers to resolve domain names to IP addresses.
DNS Security Extensions — a set of protocols that add cryptographic signatures to DNS records to prevent DNS spoofing and cache poisoning.
A human-readable address (e.g. example.com) used to identify a website or internet resource in place of its numeric IP address.
An ICANN-accredited organisation authorised to register domain names on behalf of individuals and businesses.
The process of moving a domain name's registration from one registrar to another.
F
File Transfer Protocol is a standard network protocol used to transfer files between a client and a server over a TCP/IP network.
A security system that monitors and controls incoming and outgoing network traffic based on predefined rules.
G
Gzip is a file compression algorithm used by web servers to reduce the size of HTML, CSS and JavaScript files before sending them to the browser.
H
HTTP Strict Transport Security — a web security policy that forces browsers to only connect to a website over HTTPS, preventing downgrade attacks.
HyperText Markup Language is the standard language used to structure content on the web using a system of tags and attributes.
HyperText Transfer Protocol — the foundational communication protocol used to transfer data on the web, without encryption.
HTTP methods (verbs) define the intended action for an HTTP request — GET, POST, PUT, DELETE, PATCH and others.
Three-digit codes returned by a server to indicate the outcome of an HTTP request — success, redirect, client error or server error.
HTTP/2 is the second major version of the HTTP protocol, introducing multiplexing, header compression and server push to improve web performance.
HyperText Transfer Protocol Secure — the encrypted version of HTTP that protects data in transit between a browser and a server.
A deceptive security mechanism that lures attackers or bots into interacting with a hidden trap, revealing their activity without disrupting legitimate users.
I
A unique numerical label assigned to every device on a network, used to identify and locate it for communication.
J
JavaScript Object Notation is a lightweight, human-readable data interchange format widely used for APIs and configuration files.
JavaScript is the programming language of the web, enabling interactive and dynamic behaviour in browsers and server-side applications via Node.js.
L
Lazy loading is a technique that defers loading of non-critical resources (images, iframes) until they are about to enter the viewport, improving initial page speed.
A load balancer distributes incoming network traffic across multiple servers to ensure no single server is overwhelmed, improving availability and reliability.
Localhost is the standard hostname referring to the current computer, resolving to the loopback IP address 127.0.0.1, used to access local development servers.
M
A DNS record that specifies which mail servers are responsible for accepting email for a domain.
Malicious software designed to damage, disrupt or gain unauthorised access to computer systems.
An attack where the attacker secretly intercepts and potentially alters communications between two parties.
The meta description is an HTML element that provides a short summary of a page's content, often displayed as the snippet under a title in search results.
The meta title (title tag) is the HTML element that specifies a page's title, displayed in browser tabs and as the clickable headline in search results.
Minification removes unnecessary characters (whitespace, comments, long variable names) from source code to reduce file size and improve load time.
N
A DNS record that specifies the authoritative nameservers for a domain — the servers that hold all DNS records for that domain.
A DNS server that holds and serves the authoritative DNS records for one or more domains.
O
OAuth is an open authorisation framework that lets users grant third-party applications limited access to their accounts without sharing their password.
Open Graph is a protocol developed by Facebook that uses meta tags to control how URLs appear when shared on social media platforms.
Open source software has its source code publicly available for anyone to view, use, modify and distribute, typically under a specific licence.
P
Pointer record — a reverse DNS record that maps an IP address back to a domain name, used primarily for email server verification.
A software application that securely stores and manages passwords, generating unique strong passwords for each account.
A cyberattack that tricks users into revealing passwords, card numbers or personal data by impersonating a trusted entity.
A network port is a virtual endpoint that differentiates multiple services running on the same IP address, identified by a number from 0 to 65535.
A Progressive Web App (PWA) is a web application that uses modern APIs to deliver app-like experiences — offline support, push notifications and home screen installation.
R
A REST API follows the Representational State Transfer architectural style, using standard HTTP methods and stateless communication to expose resources.
Responsive web design is an approach where a website's layout automatically adapts to different screen sizes using flexible grids, images and CSS media queries.
A text file at the root of a website that instructs search engine crawlers which pages or directories they are allowed or disallowed from accessing.
S
Search Engine Optimisation is the practice of improving a website's visibility in organic search engine results to attract more relevant traffic.
A Search Engine Results Page (SERP) is the page displayed by a search engine in response to a query, showing organic results, paid ads and rich features.
Start of Authority record — the primary DNS record that contains authoritative information about a DNS zone, including the primary nameserver and zone settings.
Sender Policy Framework — a DNS-based email authentication method that specifies which mail servers are authorised to send email for a domain.
An attack that inserts malicious SQL code into a query, allowing attackers to manipulate or extract data from a database.
Secure Shell (SSH) is a cryptographic network protocol for securely accessing remote servers and executing commands over an unsecured network.
A digital file installed on a web server that enables encrypted HTTPS connections and verifies a website's identity.
A server is a computer or software system that provides resources, data or services to other computers (clients) over a network.
A temporary, server-side record of a user's interaction with a website, used to maintain state across multiple HTTP requests.
A sitemap is an XML or HTML file that lists a website's important URLs, helping search engines discover and crawl pages efficiently.
A staging environment is a replica of the production server used to test new features, updates and configurations before deploying them live.
Structured data is code (usually JSON-LD) added to web pages that helps search engines understand content and enables rich results in SERPs.
A prefix added to a root domain to create a distinct address for a specific section or service of a website.
T
Top-Level Domain — the last part of a domain name (e.g. .com, .org, .net, .uk) that indicates its category or country.
Transport Layer Security — the cryptographic protocol that encrypts internet communications, replacing the older SSL protocol.
Time to Live — a value in DNS records that specifies how long (in seconds) the record should be cached by DNS resolvers.
A DNS record that stores arbitrary text data, used for domain ownership verification, SPF, DKIM, DMARC and third-party service configuration.
A security process requiring two separate forms of verification before granting access to an account.
U
A Uniform Resource Locator is the complete web address used to locate a specific resource on the internet.
Uptime is the percentage of time a server or website is fully operational and accessible, typically expressed as a 99.9% or 99.99% SLA.
V
Virtual Private Network — a service that encrypts your internet connection and hides your IP address by routing traffic through a remote server.
Version control is a system that records changes to files over time, allowing developers to track history, revert mistakes and collaborate without overwriting each other's work.
W
A public protocol and database that stores registration information for domain names, including owner contact details and expiry dates.
Web accessibility means designing and developing websites so people with disabilities — visual, hearing, motor or cognitive — can use them effectively.
Web analytics is the collection, measurement and analysis of website data — page views, sessions, bounce rate, conversions — to understand and improve performance.
Web hosting is a service that provides the server infrastructure needed to store website files and make them accessible on the internet.
WebSocket is a communication protocol that provides a persistent, full-duplex channel over a single TCP connection, enabling real-time data exchange between client and server.
WordPress is the world's most popular open-source CMS, powering over 43% of all websites, known for its plugin ecosystem and ease of use.
X
Cross-Site Scripting — a vulnerability that allows attackers to inject malicious scripts into web pages viewed by other users.
Z
A previously unknown software vulnerability that has no available patch, leaving systems exposed from the moment of discovery.