Tell me what happens when you hit Enter after typing www.google.com into your browser.

Written By Shruti Salunkhe

Tell me what happens when you hit Enter after typing www.google.com into your browser.

Candidate:
Yes! From the browser to the server response and rendering, I'll break it down into the essential steps.

URL Parsing
The URL is first parsed by the browser to determine:
Protocol: HTTPS
Name of the host: www.google.com
(default if not specified) Path: /
It is aware that it must send Google's server a secure HTTP request.

DNS Resolution
The browser then examines the DNS cache. If there is no cached IP found:
It makes a query to a recursive DNS resolver (such as 8.8.8.8 or public ISPs).
The resolver goes through:
IP addresses such as 142.250.x.x are returned by the Root DNS ➝.com TLD server ➝ Google's authoritative DNS ➝.
The IP address to connect to is now known to the browser.

TCP Connection
To connect, a three-way TCP handshake is started:
The client provides SYN.
The server returns SYN-ACK.
The client sends an ACK

Between the browser and the server, a dependable communication channel has now been established.Because it's HTTPS, a TLS handshake is required:

The encryption methods are agreed upon by the client and server.
The certificate is sent by the server.
The browser uses its trusted Certificate Authorities (CAs) to validate the certificate.
A shared secret key is generated by both parties.
All communications are now encrypted.

Sent an HTTP request
An HTTP GET request is sent by the browser:
Vbnet Copy Edit Host: www.google.com GET / HTTP/1.1
Additionally, it might send headers like Accept-Language, Cookies, and User-Agent.

Processing on the Server Side
The request is routed to a nearby, healthy data center by Google's load balancer.
There:
The request is handled by application servers.
Content is customized (e.g., logged-in status, region).
For the response, both static and dynamic data are retrieved and packaged.

Sending back the HTTP response
An HTTP response is sent by Google:
Line of status: HTTP/1.1 200 OK
Headers: Set-Cookie, Cache-Control, and Content-Type
Body: The homepage's HTML content

Browser Rendering the response is sent to the browser:
Builds the DOM and parses HTML.
Retrieves extra resources (pictures, CSS, and JS).
Runs scripts.
Displays the finished page on the screen.
The user can now interact with the search box and view the Google homepage.

Interviewer:
Excellent summary! How does DNS caching affect system performance?

Candidate:
Lookup time is decreased by caching. DNS entries are cached by the OS, browser, and recursive resolvers according to TTL. This speeds up subsequent requests and prevents needless network calls.

Interviewer: In this flow, how does Google guarantee high availability?

Google utilizes:
Anycast DNS Worldwide
Traffic is distributed using load balancers.
Global redundancy in data centers
CDN caching
Automatic failover mechanisms
Requests are immediately redirected even in the event that a region goes down.

Interviewer:
What happens if an image or JS file, for example, doesn't load on the page?

Candidate:
The remainder of the page is still being rendered by the browser.
Errors are logged and displayed in DevTools. Interactivity or layout may suffer if a critical resource (such as a blocking script) fails.

Interviewer:
Finally, how would you assess this flow's performance?

Candidate:
I'd keep an eye on important metrics like:
DNS lookup duration
Handshake time for TCP/TLS
TTFB stands for Time to First Byte.
Interactive Time (TTI)
Utilize programs such as Lighthouse or RUM to monitor actual user performance.

Interviewer:
That’s awesome. Thank you for metrics

 

More questions to prepare as below;

What happens if DNS fails?

  • If DNS fails (resolver down, no internet, misconfigured servers):

    • The browser retries with fallback DNS (if available).

    • If DNS is fully unreachable, browser shows “DNS_PROBE_FINISHED_NXDOMAIN”.

    • Local DNS cache may still serve previous records if not expired.

How does DNS caching work? Where can it be cached?

  • DNS responses include TTL (Time-To-Live).

  • Cache layers:

    • Browser cache

    • OS-level cache

    • Local DNS resolver cache (ISP or public DNS)

    • Recursive DNS caches

  • If cache is valid, query is resolved locally, reducing latency.

What is the difference between TCP and UDP? Why TCP here?

  • TCP:

    • Reliable, ordered, error-checked, connection-based.

    • Used for HTTP/S traffic where reliability matters.

  • UDP:

    • Unreliable, connectionless, faster (used for DNS, video streaming, VoIP).

  • Why TCP for Google page load?

    • Webpages require complete, ordered data with encryption (TLS requires TCP).

What is Anycast, and how does Google use it for DNS?

  • Anycast allows multiple servers to share one IP address globally.

  • User’s request automatically routed to nearest server based on network topology.

  • Google’s public DNS (8.8.8.8) uses Anycast for low-latency global resolution.

How does HTTPS work? Walk me through TLS handshake in more detail.

  • Client (browser) sends: Client Hello ➔ supported protocols, cipher suites.

  • Server responds: Server Hello ➔ certificate (proves identity), chosen cipher.

  • Client verifies certificate (using CA root store).

  • They generate shared encryption key (via Diffie-Hellman or RSA).

  • Secure encrypted channel is established.

  • All HTTP traffic now flows over this encrypted channel.

Performance & Optimization

What could you do to reduce page load time?

  • Use CDN edge caching.

  • HTTP/2 multiplexing to reduce multiple connections.

  • Compress images (WebP).

  • Minify JS/CSS.

  • Lazy load non-critical assets.

  • Preconnect, DNS-prefetch headers.

How do CDNs help? Where do they sit in this architecture?

  • CDN (Content Delivery Network) caches static resources close to users (images, scripts).

  • Positioned between client and origin server.

  • Reduces latency, offloads origin servers, improves availability.

What is lazy loading?

  • Deferring non-critical content loading until needed (e.g., images load as user scrolls).

  • Faster first contentful paint.

  • Reduces initial payload size.

What are metrics we would track for page performance?

  • First Contentful Paint (FCP)

  • Largest Contentful Paint (LCP)

  • Time to First Byte (TTFB)

  • Cumulative Layout Shift (CLS)

  • Time to Interactive (TTI)

  • Total Blocking Time (TBT)

What is HTTP/2 or HTTP/3? Why would they improve performance?

  • HTTP/2:

    • Multiplexes multiple requests on one connection.

    • Header compression.

    • Reduces latency.

  • HTTP/3:

    • Uses QUIC protocol over UDP.

    • Eliminates head-of-line blocking.

    • Faster connection establishment (0-RTT TLS).

Category 3: System Design Angle

How does Google ensure high availability?

  • Global load balancers.

  • Multiple geographically distributed data centers.

  • Redundant hardware.

  • Auto-failover systems.

  • Active-active architectures.

  • CDN offloading.

If traffic spikes (e.g., breaking news), how does Google handle the load?

  • Horizontal scaling — auto-provision more servers.

  • Load balancer rerouting.

  • CDN caches serve more static requests.

  • Rate limiting on non-critical systems.

  • Dynamic resource allocation via Kubernetes-like orchestration.

Explain Google’s global load balancing. How does traffic get routed?

  • Google Front End (GFE) edge servers handle user entry.

  • BGP-based routing, Anycast IP addresses.

  • Software-defined load balancing intelligently distributes across data centers.

  • Proximity, latency, and server health guide routing decisions.

How does Google personalize content while maintaining low latency?

  • Pre-caching common elements.

  • Fast, distributed user profile lookups.

  • Edge inference (ML at edge nodes for common personalization).

  • Smart caching of regional trends.

  • Personalization services separated from core search serving for scalability.

What would happen if one of Google’s data centers went down?

  • GFE routes traffic to nearest healthy data center.

  • Global replication of data.

  • Minimal user impact due to active redundancy.

  • Monitoring systems trigger automated failover within seconds.

Category 4: Security

Why is HTTPS mandatory?

  • Prevents man-in-the-middle attacks.

  • Encrypts data in transit.

  • Authenticates server identity.

  • Ensures data integrity.

  • Trust-building with users.

What is HSTS?

  • HTTP Strict Transport Security.

  • Instructs browsers to always use HTTPS for future requests.

  • Protects against downgrade attacks.

How does certificate revocation work if Google’s certificate is compromised?

  • Certificate Revocation Lists (CRL).

  • Online Certificate Status Protocol (OCSP).

  • Most browsers use OCSP stapling for better performance.

  • Google also participates in Certificate Transparency logs for monitoring.

How is user privacy preserved in this request?

  • TLS encrypts request and response.

  • Secure cookie handling.

  • SameSite cookie policy.

  • Minimizing sensitive data in URL/query parameters.

  • Strict access controls on server logs/data.

Category 5: Product Management Context

What product KPIs would you monitor for Google Search homepage?

  • Search query submission rate.

  • Homepage load time (LCP, FCP).

  • Error rate (5xx, 4xx).

  • Session start conversion.

  • User retention/return visits.

  • Personalization accuracy.

  • Ad engagement metrics.

As a PM, how would you prioritize latency vs personalization?

  • Personalization adds value but must not noticeably degrade latency.

  • Use edge-based lightweight personalization for homepage.

  • Delay heavy personalization until search results page (progressive personalization).

  • Prioritize latency for first interaction to maximize user trust.

How would you approach A/B testing a new Google homepage design?

  • Start with limited geo or account cohorts.

  • Measure:

    • Engagement

    • Query rates

    • Time to search submission

    • Ad click-through rates

    • Error rates

  • Ensure statistical significance.

  • Fail-fast for negative trends.

How would you detect if users are experiencing high latency?

  • Real User Monitoring (RUM) from browser clients.

  • Synthetic monitoring (bots measuring global latencies).

  • Backend metrics (request/response times).

  • User complaints, customer feedback channels.


    How would you quantify the business impact of 100ms latency improvement?

  • Historical correlation studies (Google has published: 100ms latency ➔ 1% revenue loss).

  • Measure conversion uplift.

  • Reduced bounce rates.

  • Increased ad impressions.

  • Higher user satisfaction (NPS).

Edge Cases / Failure Scenarios

What happens if one of the requests for resources fails?

  • Browser handles missing resources gracefully.

  • Fallbacks in CSS.

  • Critical rendering path prioritizes core assets.

  • Error logs collected for troubleshooting.

How does the browser handle DNS poisoning or man-in-the-middle attacks?

  • DNSSEC helps verify DNS integrity.

  • TLS protects against MitM during data exchange.

  • Certificate verification ensures server identity.

  • Browsers maintain strict certificate pinning for highly trusted domains.

What happens if the client has an outdated SSL certificate store?

  • The browser may reject Google’s certificate as untrusted.

  • User receives security warning (e.g., “Your connection is not private”).

  • Updating OS/browser usually resolves this.

What happens if someone tries to access http://google.com instead of https://?

  • Google automatically redirects HTTP requests to HTTPS (301 redirect).

  • HSTS ensures future requests go directly to HTTPS.

  • Redirection happens very quickly to minimize security exposure.

Shruti Salunkhe