-4

I want to know whether showing the extension of a file in the website's URL is safe or not.

For example:

  • www.example.com/contact.php
  • www.example.com/contact
Ivar
  • 6,138
  • 12
  • 49
  • 61
WaleedGRT
  • 13
  • 1
  • 3
  • These are just names/labels that are used to associate resources. – Progrock Nov 12 '19 at 09:31
  • Revealing your underlying software, could comprimise your security. HTTP response headers for example could reveal your Php version, your framework, CMS etc. And this could be used to comprimise your system. On the flip side if you hide this information, this is just security through obscurity. You may still have security vulnerabliities. – Progrock Nov 12 '19 at 09:33

1 Answers1

0

It's safe to do so if you want, providing PHP is installed and executes your PHP files correctly.

Gavin Ward
  • 46
  • 2
  • 1
    Google’s John Mueller says file extensions in URLs do not matter (2018). https://www.youtube.com/watch?v=xMIW3i37YeY – Progrock Nov 12 '19 at 09:37
  • Clean urls are a matter of taste. Urls such as http://example.com/321456, http://example.com/goat or http://example.com/goat.png could all point to the same resource. – Progrock Nov 12 '19 at 09:45
  • You could have an old version of Php that executes your files 'correctly', but may be unsupported and vulnerable to security exploits. – Progrock Nov 12 '19 at 10:33
  • Thanks for clearing my concept. – WaleedGRT Nov 12 '19 at 12:49