When detecting phishing websites, both humans and computers rely on aspects of the website (features) to aid in their decision making. In this work, we conduct a review of URL-based phishing features that appear in publications targeting human-facing and automated anti-phishing approaches. We focus on both humans and computers to obtain a more comprehensive feature list and create a cross-community foundation for future research. We reviewed 94 papers and categorise their features into: lexical, host, rank, redirection, certificate, search engine, and black/white lists. We find that research on automation has used all feature categories but several, such as host-based features (e.g. DNS), are minimally explored in human-facing anti-phishing research.