# Bad value X for attribute “href” on element “a”: Invalid host: Illegal character in domain: tab is not allowed.

> Canonical HTML version: https://rocketvalidator.com/html-validation/bad-value-x-for-attribute-href-on-element-a-invalid-host-illegal-character-in-domain-tab-is-not-allowed
> Attribution: Rocket Validator (https://rocketvalidator.com)
> License: CC BY 4.0 (https://creativecommons.org/licenses/by/4.0/)

URLs must conform to the [URL Living Standard](https://url.spec.whatwg.org/), which forbids tab characters (U+0009) within the host/domain portion of a URL. While some browsers may silently strip tabs and still navigate to the intended destination, this behavior is not guaranteed and should not be relied upon.

This issue typically arises from one of the following scenarios:

- **Copy-paste errors**: Copying a URL from a document, email, or spreadsheet that inadvertently includes tab characters.
- **Template or build tool formatting**: A templating engine or code generator inserting whitespace (including tabs) into a URL string, especially when the URL is constructed across multiple lines.
- **Manual typos**: Accidentally pressing the Tab key while editing an `href` value, particularly in editors that don't visualize whitespace.

Tab characters are invisible in most code editors by default, which makes this error frustrating to track down. Enabling "show whitespace" or "show invisible characters" in your editor can help you spot the offending character.

### Why this matters

- **Standards compliance**: The HTML specification requires that `href` values contain valid URLs. A tab in the domain makes the URL syntactically invalid.
- **Accessibility**: Screen readers and assistive technologies parse `href` values to announce link destinations. An invalid URL can lead to confusing or broken announcements.
- **Reliability**: While major browsers tend to be forgiving and strip tabs before resolving URLs, some HTTP clients, crawlers, or older browsers may not. This can cause broken links in unexpected contexts like RSS readers, email clients, or web scrapers.

### How to fix it

1. **Enable visible whitespace** in your editor to locate tab characters.
2. **Search for tab characters** in your `href` values. In many editors, you can use a regex search for `\t` within attribute values.
3. **Remove the tab characters** so the URL is a clean, continuous string with no embedded whitespace.
4. If URLs are **dynamically generated**, inspect the code that builds them to ensure no tabs or other whitespace are concatenated into the domain.

## Examples

### ❌ Incorrect: Tab character in the domain

In the example below, a tab character is embedded within the domain name (represented here as `&#9;` for visibility, though in source code it would be an actual invisible tab):

```html
<!-- The tab between "example" and ".com" causes the error -->
<a href="https://example	.com/page">Visit Example</a>
```

Note: The tab character between `example` and `.com` is invisible in most editors but triggers the validation error.

### ✅ Correct: Clean URL with no whitespace

```html
<a href="https://example.com/page">Visit Example</a>
```

### ❌ Incorrect: Tab introduced by multi-line URL construction in a template

This can happen when a URL is broken across lines in a template and tabs are used for indentation:

```html
<a href="https://
	example.com/page">Visit Example</a>
```

### ✅ Correct: URL on a single line with no embedded whitespace

```html
<a href="https://example.com/page">Visit Example</a>
```

### Tip: Finding hidden tabs

If you're having trouble locating the tab character, try pasting your `href` value into a tool that reveals character codes, or run a quick check in your browser's developer console:

```js
// Check for tabs in a URL string
const url = document.querySelector('a').getAttribute('href');
console.log(url.includes('\t')); // true if a tab is present
console.log(JSON.stringify(url)); // shows \t explicitly in the output
```