Redirects guide browsers and search engines to the correct destination.
Types of redirects
- 301 (Permanent): Old URL replaced forever (passes SEO value).
- 302 (Temporary): Short-term redirect (does not pass SEO value).
- 303 (See Other): POST request redirected to GET.
- 307/308: Preserve HTTP method in redirect.
Security risks
- Open redirects: Attacker-controlled destination can be used for phishing.
- Redirect chains: Multiple hops slow performance and confuse users.
- Unvalidated redirects: Can bypass authentication or access controls.
Best practices
- Validate destination URLs against an allowlist.
- Limit redirect chains to 3-5 hops maximum.
- Use 301 for permanent moves, 302 for temporary.
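The allowlist check from the best practices above, as an added example (not code from the original page). The host names, the fallback path and the function name are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumed allowlist (constructed for this example): exact hosts the app may send users to.
ALLOWED_HOSTS = frozenset({"example.com", "accounts.example.com"})
FALLBACK = "/"  # assumed safe landing page


def safe_redirect_target(raw, allowed_hosts=ALLOWED_HOSTS, fallback=FALLBACK):
    """Return raw if it is a local path or an https URL on an allowlisted host,
    otherwise return fallback."""
    if not isinstance(raw, str) or not raw:
        return fallback
    # Browsers treat "\" like "/" and strip tabs/newlines, so a value containing
    # them can parse one way here and another way in the browser. Reject them.
    if any(ord(c) <= 0x20 or ord(c) == 0x7F or c == "\\" for c in raw):
        return fallback
    try:
        parts = urlsplit(raw)
    except ValueError:  # e.g. malformed IPv6 literal
        return fallback
    if not parts.scheme and not parts.netloc:
        # Local path: must start with exactly one "/" ("//host" is scheme-relative).
        if raw.startswith("/") and not raw.startswith("//"):
            return raw
        return fallback
    if parts.scheme != "https":
        return fallback  # rejects http:, javascript:, data: and scheme-relative "//host"
    # Compare the whole authority, so userinfo ("trusted@other"), unexpected
    # ports and suffix look-alikes ("example.com.evil.test") never match.
    if parts.netloc.lower() in allowed_hosts:
        return raw
    return fallback


# Constructed sample values, as they might arrive in a ?next= parameter.
SAMPLES = [
    "/account/settings",
    "https://accounts.example.com/login?step=2",
    "//evil.test/login",
    "https://example.com@evil.test/",
    "https://example.com.evil.test/",
    "/\\evil.test",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(f"{sample!r:45} -> {safe_redirect_target(sample)!r}")
```

Only the first two samples are returned unchanged; every other value falls back to "/".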