Redirects guide browsers and search engines to the correct destination.
Types of redirects
- 301 (Permanent): Old URL replaced forever (passes SEO value).
- 302 (Temporary): Short-term redirect (does not pass SEO value).
- 303 (See Other): POST request redirected to GET.
- 307/308: Preserve HTTP method in redirect.
Security risks
- Open redirects: Attacker-controlled destination can be used for phishing.
- Redirect chains: Multiple hops slow performance and confuse users.
- Unvalidated redirects: Can bypass authentication or access controls.
Best practices
- Validate destination URLs against an allowlist.
- Limit redirect chains to 3-5 hops maximum.
- Use 301 for permanent moves, 302 for temporary.
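Allowlist validation of a redirect destination, as an added example (not code from the original page). The hostnames, BASE_ORIGIN, FALLBACK and the function name safeRedirectTarget are assumptions; the check parses the destination with the WHATWG URL parser, which follows the same URL parsing rules browsers use, and compares the hostname exactly.

```javascript
// Added example. Hostnames and BASE_ORIGIN are assumptions, not from the page.
const ALLOWED_HOSTS = new Set(["app.example.com", "docs.example.com"]);
const BASE_ORIGIN = "https://app.example.com";
const FALLBACK = "/";

// Returns an absolute URL that is safe to put in a Location header,
// or FALLBACK when the requested destination is not on the allowlist.
function safeRedirectTarget(raw) {
  if (typeof raw !== "string" || raw.length === 0) return FALLBACK;
  // Browsers treat "\" like "/" and strip tabs/newlines, so "/\host" or
  // "/<TAB>/host" can turn into "//host". Refuse such input outright.
  if (/[\u0000-\u001f\u007f\\]/.test(raw)) return FALLBACK;

  let url;
  try {
    // Resolve relative paths against our own origin using the WHATWG
    // parser, the same parsing rules a browser applies to Location.
    url = new URL(raw, BASE_ORIGIN);
  } catch {
    return FALLBACK;
  }
  if (url.protocol !== "https:") return FALLBACK;          // no javascript:, data:, http:
  if (url.username || url.password) return FALLBACK;       // no user@host tricks
  if (url.port !== "") return FALLBACK;                    // default port only
  if (!ALLOWED_HOSTS.has(url.hostname)) return FALLBACK;   // exact match, not suffix/substring
  return url.href;
}

// Constructed sample inputs, as they might arrive in a ?next= parameter.
const samples = [
  "/account/settings",
  "https://docs.example.com/guide?x=1",
  "//evil.example.net/login",
  "https://app.example.com@evil.example.net/",
  "https://app.example.com.evil.example.net/",
  "/\\evil.example.net",
  "javascript:alert(1)",
];
for (const s of samples) {
  console.log(JSON.stringify(s), "->", safeRedirectTarget(s));
}
```

Only the first two samples are returned as destinations; every other input falls back to "/".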