As of 4.10, URL field validations have become less strict in the front-end and improved validation was added to the back-end.
The URL field of an application configuration used to have strict validations, only allowing entries starting with http:// or https://. This is not common practice, and by adding confusion, non-descript error messages would appear saying that the URL was invalid.
There are no longer any validations done as the URL is entered into the web interface. Users no longer need to include http:// or https:// to their URLs, meaning that www.google.com or google.com are now allowed URLs, as well as local intranet domains like intranet.local.
In the back-end, validations are made to ensure there are no special characters. For example, https://!!.com is an invalid URL.