hxxp
hxxp://, sometimes h**p:// or _ttp://, is used in URLs (web links) to obscure the fact that one is linking to a http:// website. It is generally used to avoid automatic recognition by computer programs. For a user to follow this link, it is usually necessary to manually copy-paste the link onto the web browser's address bar and replace the 'x'es with 't's.
With Internet Explorer (including version 7), replacing the X's after pasting into the address bar is not necessary, as it will correct the URL automatically.
Uses
Some of the uses of this method include:
- to avoid passing the HTTP referrer header which would reveal the referring web site to the target.
- avoiding automated web crawlers from following the links. While effective, legitimate web crawlers can be avoided through the use of a robots exclusion standard on the target web site. To avoid advancing the search engine rank of the target web site, nofollow attributes can be used instead.
- to bypass overzealous link spam protection in, for example, blog comments.
- for making sure that a user doesn't accidentally click on a potentially harmful link, in applications that automatically recognize links in plain text. Examples of this include "not safe for work" links.
- to avoid an application from downloading unwanted files, like advertisements or a malware. The method is directly change all 'http' to 'hxxp' in specific uncompressed .exe or .swf files with a hex editor.
See also