The server generates and returns an arbitrary token, which is usually a hash or some other fingerprint from the contents on the file. The browser isn't going to must know how the fingerprint is created; it only needs to ship it to the server on the next ask for. Should https://elizabeths875amz9.wikihearsay.com/user