So You Want to Define a Well-Known URI
ingve
136 points
92 comments
June 19, 2026
Related Discussions
Found 5 related stories in 108.3ms across 10,996 title embeddings via pgvector HNSW
- It is incorrect to "normalize" // in HTTP URL paths pabs3 · 65 pts · April 18, 2026 · 43% similar
- nowhere: an entire website encoded in a URL bpierre · 100 pts · April 24, 2026 · 40% similar
- Have a Fucking Website asukachikaru · 92 pts · March 18, 2026 · 39% similar
- What’s on HTTP? elixx · 48 pts · March 18, 2026 · 38% similar
- .furry – A Top-Level Domain for Furries birdculture · 13 pts · June 03, 2026 · 38% similar
Discussion Highlights (13 comments)
jvuygbbkuurx
Why are they so specific? Why password-reset instead of a more generic link tree? Why discord domain verification instead of domain-verifications with a dynamic list on entries? Seems like a waste of time. I would just define my own spec outside of well known for my use case.
reddalo
I wish people would follow this, instead of coming up with new standards in the root namespace. "llms.txt" [1] comes to mind, for example. Let's stop polluting the root of a domain! [1] https://llmstxt.org/
einpoklum
How well-known are those URIs though? :-\
sandblast
No, in fact I don't. But this post wouldn't be of any help anyway. It feels like it's about nothing, there is no substance, just stating some obvious facts. Without examples that lead to some real recommendations, this whole expertise claimed by the author is of no use.
philipwhiuk
I'm not sure I like ` https://domain.com/.well-known/robots.txt ` any better frankly
jiggunjer
Title says uri but post only about urls, a type of uri
user3939382
I wish we had one for navigation layout of a site so browser chrome could render that in a consistent way. It would also be a boon for a11y.
momoraul
.well-known started tidy and quietly became the junk drawer of the web root. security.txt, ACME, app-site-association, and counting.
1vuio0pswjnm7
"This Web site requires a more modern browser to operate securely; please upgrade your browser." Alternative, no SNI required https://web.archive.org/web/20260619061625if_/https://mnot.n...
inigyou
The consideration about having more than one of them on a domain seems like something that's often overlooked.
welder
Does a change-password registry actually get used, even by bots? I don't see bots checking for a .well-known/change-password url on my sites. It seems a good place to put public configs, just to have a place for them, but not as a means of discovery.
quotemstr
One disappointment you can't help but feel, having worked in technology a while, is about how people solve the same problems over and over in redundant and subtly incompatible ways. How do you associate metadata with a public name? A SRV record! No, a TXT record! No, a meta tag! No, data attributes! No, an X.509 attribute! No, a random file at top level! No, a well known file under some schema! No, ... It goes on forever. We're left with a mishmash of mechanisms and lowest common denominator support for them all. It would be nice if we picked an extension mechanism and maximally enhanced it rather than having everyone invent his own
devdoshi
I do think it is important to have autonomous discoverability with domain-anchored trust, whether through .well-known or DNS records or DNS over HTTP. It looks like cloudflare has already added a bunch of observability into their products around this area, and I am investigating too [1]. It seems like the number of services needing these, and the amount needed per org should both go up with more agentic use cases. I believe auth.md is also a recent example that uses .well-known [1] https://instagrate-me.sudoscience.dev/