How a browser displays a web page
How a Browser Displays a Web Page
A web page is not displayed as-is the moment you enter a URL into the browser.
In reality, a sequence happens in order: interpreting the URL, obtaining an IP address through DNS, connecting to the server, establishing a secure connection through HTTPS, sending an HTTP request, receiving a response from the server, and rendering by the browser.
However, not every process necessarily starts from the beginning every time. DNS results may be cached, an existing connection may be reused, or data may be loaded from the browser cache.
This article avoids going too deeply into detailed specifications and organizes what happens before a web page is displayed, following the actual communication flow.
What Happens After You Enter a URL?
For example, suppose you enter the string "https[:]//example.com" in the browser address bar.
The browser first checks the entered string.
It determines whether it is a search keyword or a website URL, and if it is a URL, it interprets the destination.
A URL mainly contains the following kinds of information.
| Element | Example | Meaning |
|---|---|---|
| Scheme | https | Shows which method is used for communication |
| Hostname | example.com | Shows the name of the website you want to connect to |
| Port number | 443 | Shows which communication endpoint to connect to. It is often omitted |
| Path | /about | Shows which location on the server is being requested |
| Query string | ?id=10 | Passes additional information to the server |
| Fragment | #section | Shows a position within the page. Usually not sent to the server |
A URL is a form that makes it easy for humans to specify a website.
However, when looking for the server to communicate with on a network, an IP address is ultimately necessary.
For that reason, the browser proceeds to look up the IP address from the host name.
Looking Up the IP Address With DNS
The browser cannot connect to a server with only the name "example.com."
DNS is the mechanism used for this.
DNS maps domain names to IP addresses.
The browser or OS first checks whether DNS results remain locally. If you have accessed the same domain in the past, it may be possible to obtain the IP address from the DNS cache.
If there is no information in the cache, it queries a DNS resolver. The DNS resolver looks for the IP address corresponding to the target domain name, querying multiple DNS servers as needed.
| Step | What happens | Purpose |
|---|---|---|
| 1 | The browser or OS checks the cache | Check whether a previously looked-up IP address can be reused |
| 2 | Query the DNS resolver | Look up the IP address corresponding to the domain name |
| 3 | Obtain an A record or AAAA record | Get the IPv4 or IPv6 destination |
| 4 | Decide the destination using the IP address | Identify the actual communication partner |
The IP address obtained here is not necessarily fixed.
Even for the same domain name, different IP addresses may be returned depending on region, DNS settings, load balancing, CDN, and other factors.
Connecting to the server
Once the IP address is known, the browser connects to the server that has that IP address.
In web communication, not only the destination IP address but also the port number matters.
Normally, HTTP uses port 80, and HTTPS uses port 443.
| Communication method | Main port number | Meaning |
|---|---|---|
| HTTP | 80 | Often used for unencrypted web communication |
| HTTPS | 443 | Often used for web communication protected by TLS |
With HTTP/1.1 and HTTP/2, TCP is normally used for connections to servers.
By contrast, HTTP/3 uses a mechanism called QUIC, which runs over UDP.
This article does not go into the details of HTTP/2 or HTTP/3, but the important point is that the browser uses an IP address and port number to create a connection with the server.
Also, a new connection is not necessarily created every time. If a connection to the same server already remains, the browser may reuse the existing connection.
Creating a secure connection with HTTPS
If the URL starts with "https," the browser communicates with the server using HTTPS.
HTTPS is communication in which HTTP is protected by TLS.
TLS mainly has the following roles.
| Role | Meaning | Importance |
|---|---|---|
| Encryption | Makes communication content harder for third parties to read | Protects passwords and page content |
| Tamper detection | Checks whether content has been changed during communication | Makes it easier to prevent modification by a man-in-the-middle attacker |
| Server identity verification | Checks whether the destination is the server for the intended domain | Helps defend against fake sites and man-in-the-middle attacks |
The important point here is that HTTPS is not simply "a mechanism that encrypts communication."
The browser checks the certificate presented by the server and verifies whether that certificate is valid for the domain name being accessed.
Through this check, the browser can judge that "the server I am connected to is likely the intended server."
However, even when HTTPS is used, not all information about the communication is hidden.
For example, the destination IP address, the time communication occurs, and the amount of communication are not things HTTPS alone can completely hide.
Also, depending on the environment, information about the destination domain name may be visible along the network path.
In other words, HTTPS is very important for protecting communication content and verifying the other party, but it is not a mechanism that fully guarantees anonymity.
Requesting a Page With HTTP/HTTPS
Once a secure connection is created, the browser requests the page from the server.
This request is called an HTTP request.
With HTTPS, the contents of the HTTP request are sent while protected by TLS.
For example, the browser may send the following kinds of information to the server.
| Information | Meaning | Note |
|---|---|---|
| Method | Which operation it wants to perform | GET is often used for page retrieval |
| Path | Which page or data it wants | Such as / or /about |
| Host | Which domain the request is for | Also used when multiple sites are handled by one IP |
| User-Agent | Information such as browser and OS | Used for environment detection and display adjustment |
| Accept-Language | Preferred language | Used for decisions such as displaying Japanese pages |
| Referer | Whether the referring page is sent | May not be sent depending on settings or specifications |
| Identifying information stored for the site | Used to maintain login state and settings |
The server looks at this request and decides what data to return.
Even when accessing the same URL, the returned content may change depending on login state, cookies, language settings, device type, and other factors.
The Server Returns Data
After receiving a request from the browser, the server returns an HTTP response.
An HTTP response includes a status code, headers, body, and other parts.
| Element | Example | Meaning |
|---|---|---|
| Status code | 200 | Shows whether the request succeeded, whether there was an error, and similar information |
| Header | Content-Type | Shows the data type, cache policy, and similar information |
| Body | HTML and similar data | The actual data used by the browser |
HTML is central to a web page, but HTML alone does not necessarily complete the whole page.
Many web pages are displayed by combining multiple kinds of data.
| Data | Role |
|---|---|
| HTML | Represents the page structure |
| CSS | Specifies appearance such as colors, spacing, layout, and text size |
| JavaScript | Performs processing and dynamic changes on the page |
| Images | Displays photos, icons, diagrams, and similar content |
| Fonts | Adjusts how text looks |
| Video and audio | Plays media content |
The browser first receives HTML, then additionally obtains the CSS, JavaScript, images, fonts, and other resources specified in that HTML.
For that reason, even opening a single web page often causes multiple HTTP requests in practice.
The browser displays it on screen
When the browser receives data from the server, it converts that data into a form that can be displayed on screen.
Broadly, the following kinds of processing happen.
| Step | What happens |
|---|---|
| Parse HTML | Read the page structure |
| Apply CSS | Reflect appearance rules |
| Calculate layout | Decide where each element is placed |
| Paint | Display text, images, backgrounds, and similar content on screen |
| Run JavaScript | Change page content or behavior as needed |
The point to understand here is that the browser is not receiving a finished screen from the server.
The server returns materials such as HTML, CSS, JavaScript, and images.
The browser interprets them and assembles the page according to its own screen size, settings, and supported features.
For that reason, even the same web page may be displayed differently depending on PC, smartphone, browser type, screen width, and settings.
One page can still cause multiple communications
An important point in web page display is that even if you open one page, there is not necessarily only one communication destination.
Even if the page body is obtained from "example.com," images, ads, analytics, external fonts, external scripts, and similar resources may be loaded from other domains.
| Communication destination | Purpose | Example |
|---|---|---|
| Page body server | Obtain HTML | Body text and page structure |
| Image delivery server | Obtain images | Article images and icons |
| Advertising server | Display ads | Banner ads and ad scripts |
| Analytics server | Measure access status | Analytics tags |
| External font server | Load fonts | Web fonts |
| External script server | Add functionality | Embedded widgets and UI parts |
From the user's view, it may look like they only "opened one page," but behind the scenes the browser may be communicating with multiple servers.
Additional communication may also occur not only immediately after opening the page, but also in response to scrolling, button operations, searches, form input, video playback, and similar actions.
In recent web pages, designs that initially load only the minimum data and fetch additional data in response to user actions are also common.
Communication May Be Skipped Because of Caches
When displaying a web page, the browser does not necessarily obtain all data from the server every time.
The browser may temporarily store images, CSS, JavaScript, and other data obtained in the past.
This is called a cache.
When the cache is valid, the browser may use data stored inside the device without obtaining the same data from the server again.
| Target | Effect of cache |
|---|---|
| DNS results | Reduces the need to look up the IP address from the domain name again |
| Images | Avoids downloading the same image many times |
| CSS | Reuses files related to page appearance |
| JavaScript | Uses the same script without fetching it again |
| Connection | Existing connections may be reused |
Caches are important for increasing display speed and reducing communication volume.
However, when thinking about anonymity and privacy, it is also necessary to pay attention to information that remains inside the browser, such as caches and cookies.
Important viewpoints for thinking about anonymity
When thinking about anonymity, it is important that opening a web page is not a simple one-time communication.
In web access, multiple elements are involved, including DNS, IP addresses, HTTPS, cookies, User-Agent, Referer, external scripts, and caches.
Even when communication content is protected by HTTPS, the destination IP address, communication timing, communication volume, headers sent by the browser, identification through cookies, and additional communication to external servers become issues from other viewpoints.
| Viewpoint | What to check |
|---|---|
| DNS | Which domain name was queried |
| IP address | Which server was connected to |
| HTTPS | Whether communication content encryption, tamper detection, and server identity verification are performed |
| Cookie | Whether the user may be identified as the same user |
| User-Agent | Whether environment information such as browser and OS is being sent |
| Referer | Whether the page the user came from is communicated |
| External communication | Whether communication also occurs with servers other than the page body |
| Cache | Whether past browsing or obtained data remains inside the device |
Especially important is that "communication content is encrypted" and "no one can tell who accessed where" are not the same thing.
HTTPS is very important for protecting communication content and verifying the identity of the server you connect to.
However, when thinking about anonymity, you need to look separately not only at HTTPS, but also at DNS, IP addresses, information sent by the browser, cookies, external communication, and other factors.
Summary
Before a browser displays a web page, multiple processes happen step by step.
First, the browser interprets the entered URL and checks the host name.
Next, DNS is used to look up the IP address corresponding to the host name.
Once the IP address is known, the browser connects to the server.
For HTTPS, TLS performs encryption, tamper detection, and server identity verification, creating a secure connection.
On that basis, the browser sends an HTTP request, and the server returns data such as HTML, CSS, JavaScript, and images.
The browser parses the received data and displays it on screen.
In addition, while displaying one page, additional communication may occur through images, ads, analytics tags, external fonts, external scripts, and similar resources.
Opening a web page involves more communication and processing than it appears to from the outside.
Understanding this flow makes it easier to organize not only the basic structure of the web, but also the points to examine when thinking about anonymity and privacy.
Related tools
DNSLeakTest
An external resource related to this article. Open it only when it fits your situation and threat model.
Why it is listed: It can help with the article topic, but it is outside Anonymity Sense and should be checked before use.
BrowserLeaks WebRTC
An external resource related to this article. Open it only when it fits your situation and threat model.
Why it is listed: It can help with the article topic, but it is outside Anonymity Sense and should be checked before use.