Essential International Standards and Registries for Web Developers
- Programming, Quality Assurance, Security
Last revision:

The following is a collection of free international standards, registries and references that I collected throughout the years while developing websites and web services. These references, while very precise and technical by their nature, are extremely useful in order to ensure that a specific implementation is actually correct, and to mitigate unexpected interoperability between systems on the Internet.
As it's not always clear how a technology is used based on its name or acronym, I included the primary use case for each reference along with its name and/or acronym.
Also, many of these standards are built over each other, and as such I tried to list them in that order as much as possible while maintaining clarity.
Real world stuff
The following provides IDs and critical information about worldwide social, political and cultural concepts often referenced.
- Country code ISO database (ISO 3166 codes)
- Country code United Nations list (M49)
- Currency code list (ISO 4217 codes)
- Language code list (ISO 639 codes)
- Language tags
- Matching language tags
- Language subtag list
- Language tag extension list
- Phone numbering (E.164)
- Phone numbers notation (E.123)
- Time zone database
Plain text
The following explains how text is handled by a computer.
- Character ID list (Unicode)
- Normalizing equivalent character strings (UAX #15)
- Unicode normalization charts
- Character encoding list for general use
- Character encoding list for web pages
- Encoding binary data as text (Base64)
Note that the most popular character encoding is UTF-8, a superset of ASCII.
IP adresses
The following explains how computers can identify and talk to each other on the Internet.
Domain names
The following explains how to find information about a particular domain on the Internet, including the IP adresses of its services.
Note that host names are domain names on which a website can be hosted.
- Host name original definition
- Host name extended definition (section 2.1)
- Domain names (DNS) part 1
- Domain names (DNS) part 2
- Wildcards in domain names
- Domain name resource record types (RR TYPEs) list
- International domain names 2003 version (IDNA2003) part 1
- International domain names 2003 version (IDNA2003) part 2
- International domain names 2003 version (IDNA2003) part 3
- International domain names 2003 version (IDNA2003) part 4
- International domain names 2008 version (IDNA2008) part 1
- International domain names 2008 version (IDNA2008) part 2
- International domain names 2008 version (IDNA2008) part 3
- International domain names 2008 version (IDNA2008) part 4
- International domain names 2008 version (IDNA2008) contextual rules list
- Reading international domain names during transition (UTS #46)
- Special domain name list
- Domain name root zone list
- Domain name public suffix list
TLS
The following explains how an encrypted connection can be established between two machines over a network.
- Sharing public encryption keys (X.509 certificates) (often misnamed "SSL certificates")
- Secure communication protocol (TLS)
- Secure communication protocol (TLS) parameter lists
- X.509 certificate management automation (ACME)
Note that SSL is an obsolete technology that was superseded by TLS.
Emails
The following explains how emails work.
Note that Pluralsight subscribers can watch my course Configuring and Managing SPF, DKIM, and DMARC, which cover some of these topics.
- Transmission of emails (SMTP)
- Email base definition
- Required email adresses
- Emails with multiple senders
- Email extensions part 1
- Email extensions part 2
- Email extensions part 3
- International emails
- Email message header list
- Domain-based email sources authorization (SPF)
- Updating email source during forwarding (SRS)
- Cryptographic signatures on emails (DKIM)
- Cryptographic signatures on emails (DKIM) parameter list
- Domain-based email authentication policy (DMARC)
- Email authentication for international emails
- Email authentication parameter lists
XML
The following explains how to use XML, a data format that forms the base of all web pages.
Note that newer versions of XML and XPath exist, but are seldom used.
- XML 1.0
- Navigating XML documents (XPath 1.0)
- Defining XML schemas (XSD) part 1
- Defining XML schemas (XSD) part 2
Note that I am not including SOAP and WSDL as these technologies are obsolete, and most API providers that do use them generally offer better alternatives alongside them.
JSON
The following explains how to use JSON, a common data format commonly used by websites.
URLs
The following explains how to interpret URLs.
HTTP
The following explains how web clients interact with websites.
- HTTP fundamentals
- HTTP/1.1
- HTTP/2
- HTTP/3
- HTTP method list
- HTTP parameter lists
- HTTP status code list
- HTTP header list
- Media type list
- Cookies
- APIs using HTTP (REST)
- Defining REST APIs (OpenAPI) (often misnamed "Swagger")
Static web
The following explains how to write a web page.
- Web fundamentals
- Web interface definition language (Web IDL)
- Web document representation (DOM)
- Fetching web resources (Fetch)
- Hypertext (HTML)
- Styling (CSS)
- Mathematical formulas (MathML)
- Scalable vector graphics (SVG)
- Restricting unauthorized content (CSP)
- News feeds (Atom) (often misnamed "RSS")
Note that RSS is an obsolete technology that was superseded by Atom.
Programming
The following explains how to write and automatically interact with dynamic web pages. Note that some API implementations are already described in the HTML definition listed in the previous section.
- High-level programming (ECMAScript) (often misnamed "JavaScript")
- API to display notifications
- API to display elements fullscreen
- API to fetch data from a server (XMLHttpRequest) (not related to XML)
- API to communicate with a server (WebSockets)
- API to communicate with other web clients (WebRTC)
- APIs for data streams
- API to manage local or session storage
- API to access the file system
- Low-level programming (WebAssembly)
- API to access low-level code
- Low-level code integration with the web
- HTTP API to access a web browser's UI (WebDriver)
Metadata
The following describes non-standard HTML meta tags found on the Internet. Note that standard ones are documented in the HTML specifications.
- Meta tags understood by Facebook (Open Graph)
- Meta tags understood by Twitter
- Publicly-known non-standard meta tag list
Data access management
The following explains how websites should manage secure data, including cases where authentication is done by a third-party.
- Usernames and passwords containing international characters
- HTTP authentication scheme list
- One-time passwords (OTP)
- Time-based one-time passwords (TOTP)
- Passwordless authentication (WebAuthn)
- Passwordless authentication (WebAuthn) attestation statement formats and extensions
- XML-based single sign-on (SAML)
- JSON-based authorization (OAuth 2.0)
- JSON-based authorization (OAuth 2.0) bearer tokens
- JSON-based authorization (OAuth 2.0) parameter list
- JSON-based identity validation (OpenID Connect)
End-to-end security
The following allows people to share highly-sensitive information securely.
- End-to-end encryption or signing (OpenPGP) (often misnamed "PGP" or "GPG")
- End-to-end encryption or signing (OpenPGP) parameter lists
- Security research management (security.txt)
- Security research management (security.txt) field list
Accessibility
The following explains how to write web pages to be accessible for people with disabilities.
- Accessibility guidelines for web pages (WCAG)
- Adding accessibility information to web pages (ARIA)
- Recommendations on adding accessibility information to web pages
- Implicit accessibility information in HTML
Markdown
The following defines a humanly-readable plain text format that can be easily converted to hypertext with tools.
Other common data formats
The following defines a few other common data formats that can be found on the web.
- Spreadsheet table data (CSV)
- Human-readable JSON superset (YAML) (surprisingly complex)
- Compressed archives (ZIP)
- Semantic version numbering (optional)
Related articles I wrote

Scrum Is Not Agile
- Programming, Business, Psychology
While there is no denying that Scrum revolutionized the software industry for the better, it may seem a little strange to read about someone that dislikes it despite strongly agreeing with the Agile Manifesto, considering the creator of Scrum was one of its signers. However, after having experienced…

Validating and Viewing OpenAPI Definitions with Docker
- Quality Assurance, Programming
Here are a few commands I crafted to validate and easily read API definitions in the OpenAPI format, using Docker and open source tools provided by Swagger. I have yet to convert them into proper shell scripts, but I hope these will be helpful nonetheless. The commands are designed to be run in a…

Beating Illusion of Gaia in 17 Minutes
- Video Games, Security
I crafted a tool-assisted speedrun (TAS) of the Super NES action-adventure game Illusion of Gaia (also known as Illusion of Time in Europe) which beats the game as fast as possible on the American version. The final time is 16:48 when using TAS timing (from initial power on to the last input) and…

A Universe and World Creation Script for Mongoose Traveller 2nd Edition
- Tabletop RPGs, Programming
The following is a Python script developed by yours truly to generate a sector according to the core rulebook of the Mongoose Traveller 2nd Edition tabletop RPG, exactly as described in the Universe and World Creation chapter. It is designed to describe worlds in human-readable format as much as…

Deep Learning in Python with PyTorch - Tutorial and Demo
- Programming, Mathematics
As I am continuing my personal journey into deep learning research and development, I wanted to try out PyTorch, a machine learning framework with GPU acceleration primarily designed for the Python programming language. However, I couldn't find any good introductory resource online for it. So I read…