Also called: "http redirect", "url forwarding"
An HTTP redirect is a 3xx response whose Location header tells the client to request a different URL. Redirects guide browsers and search engines to the correct destination, and because the destination is chosen by the server, they are also a frequent injection point when that choice is influenced by user input.
Types of redirects
- 301 (Moved Permanently): The old URL is replaced for good; search engines transfer the old URL's ranking to the new one. Clients may rewrite a POST to GET on the next hop.
- 302 (Found): Temporary; search engines keep the original URL indexed. Clients may also rewrite a POST to GET.
- 303 (See Other): Tells the client to fetch a different resource with GET, typically after a POST has been processed.
- 307 (Temporary) / 308 (Permanent): The client must keep the same method and body on the next hop; use these when a POST must survive the redirect.
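As an added example (not code from the original page), the following Python models how a client is expected to follow each of the codes above and how the method changes along the way. The site map is a constructed stand-in for real responses, so nothing is fetched over the network; it also enforces a hop limit and detects loops, which is the check the "redirect chains" risk below calls for.

```python
from urllib.parse import urljoin

# Redirect statuses and how a client treats the request method (RFC 9110 s.15.4):
# 301/302 historically let user agents rewrite POST to GET, 303 always switches
# to GET, 307/308 keep method and body unchanged.
REDIRECT_STATUSES = {301, 302, 303, 307, 308}


def next_request(method: str, status: int, location: str, current_url: str):
    """Given the request that produced `status` and its Location header,
    return (method, url) for the next hop."""
    if status not in REDIRECT_STATUSES:
        raise ValueError(f"{status} is not a redirect status")
    target = urljoin(current_url, location)  # Location may be relative
    if status == 303:
        new_method = "HEAD" if method == "HEAD" else "GET"
    elif status in (301, 302) and method == "POST":
        new_method = "GET"   # what mainstream browsers actually do
    else:
        new_method = method  # 307/308, or a GET/HEAD on any redirect code
    return new_method, target


# Constructed fake site for the example: url -> (status, Location header or None).
# These hostnames are hypothetical; no request is made to them.
FAKE_SITE = {
    "http://old.example/login":      (307, "https://www.example/login"),  # keeps POST
    "https://www.example/login":     (303, "/account"),                   # POST -> GET
    "https://www.example/account":   (200, None),
    "http://old.example/docs":       (301, "https://www.example/docs"),   # POST -> GET
    "https://www.example/docs":      (200, None),
    "https://loop.example/a":        (302, "/b"),
    "https://loop.example/b":        (302, "/a"),
}


def follow_chain(method: str, url: str, site=FAKE_SITE, max_hops: int = 5):
    """Follow redirects in `site`; return the list of (method, url, status) hops.
    Raises RuntimeError when more than `max_hops` redirects occur or a loop is seen."""
    hops = []
    seen = set()
    while True:
        if (method, url) in seen:
            raise RuntimeError(f"redirect loop at {url}")
        seen.add((method, url))
        status, location = site.get(url, (404, None))
        hops.append((method, url, status))
        if status not in REDIRECT_STATUSES or location is None:
            return hops
        if len(hops) > max_hops:
            raise RuntimeError(f"more than {max_hops} redirects")
        method, url = next_request(method, status, location, url)


def chain_or_error(method: str, url: str, **kw):
    """Convenience wrapper: the hop list on success, the error message on failure."""
    try:
        return follow_chain(method, url, **kw)
    except RuntimeError as exc:
        return str(exc)


if __name__ == "__main__":
    for m, u in [("POST", "http://old.example/login"),
                 ("POST", "http://old.example/docs"),
                 ("GET", "https://loop.example/a")]:
        print(m, u, "->", chain_or_error(m, u))
```

Note the difference between the two POST chains: the 307 hop carries the POST through and the 303 then converts it to GET, whereas the 301 chain loses the POST body at the first hop. A real client should apply the same hop cap and loop check rather than following Location headers indefinitely.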
Security risks
- Open redirects: When the destination is taken from a request parameter (for example `next`, `returnUrl`, `redirect_uri`) without validation, an attacker crafts a link on the trusted domain that lands on a site they control. The trusted hostname in the link makes phishing more convincing, and in login or OAuth flows any token or code appended to the redirect goes to the attacker.
- Redirect chains: Multiple hops slow performance, confuse users, and mean every hop is a place where an unvalidated destination can be introduced; a loop with no hop limit hangs the client.
- Unvalidated redirects as a bypass: An open redirect on an allowlisted domain lets attackers satisfy URL allowlists elsewhere (for example in a server-side fetch or an OAuth redirect_uri check) while ultimately reaching a destination of their choosing.
Best practices
- Validate destination URLs against an allowlist of exact hostnames, or better, accept only same-site absolute paths. Reject protocol-relative targets (`//evil.example`), backslash variants (`/\evil.example`), userinfo tricks (`https://trusted.example@evil.example`), non-https schemes such as `javascript:`, and suffix look-alikes (`trusted.example.evil.example`). Fall back to a fixed default such as `/` when validation fails.
- Limit redirect chains to 3-5 hops maximum and stop on loops.
- Use 301 for permanent moves and 302 for temporary ones; use 307/308 when the request method and body must be preserved.
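The allowlist check above, written out as an added example (not the page's own code). The allowed hosts and default target are assumptions for the illustration; the function accepts only same-site absolute paths or https URLs whose host is exactly on the list, and it covers the bypass shapes listed above.

```python
from urllib.parse import urlsplit

# Hosts this application may redirect to (hypothetical values for the example).
ALLOWED_HOSTS = {"app.example.com", "accounts.example.com"}
DEFAULT_TARGET = "/"


def is_safe_redirect(target: str, allowed_hosts=ALLOWED_HOSTS) -> bool:
    """True only for a same-site absolute path ("/x") or an https URL whose
    host is exactly in `allowed_hosts`."""
    if not target:
        return False
    # Control characters and whitespace have no place in a Location value;
    # some parsers silently strip them, which is how "\t//evil" style tricks work.
    if any(ord(c) <= 0x20 or ord(c) == 0x7F for c in target):
        return False
    # Browsers treat "\" like "/" in special schemes, so "/\evil.example" is "//evil.example".
    target = target.replace("\\", "/")
    parts = urlsplit(target)
    if parts.scheme == "" and parts.netloc == "":
        # Relative reference: require a single leading slash (no "//host").
        return target.startswith("/") and not target.startswith("//")
    if parts.scheme.lower() != "https":
        return False  # rejects http:, javascript:, data:, and scheme-less "//host"
    if "@" in parts.netloc:
        return False  # "https://app.example.com@evil.example" -> host is evil.example
    host = parts.hostname  # lower-cased, port and userinfo removed
    if host is None:
        return False
    return host.rstrip(".") in allowed_hosts  # exact match, so "app.example.com.evil.example" fails


def choose_redirect(target: str) -> str:
    """Return `target` if it passes validation, else the fixed default."""
    return target if is_safe_redirect(target) else DEFAULT_TARGET


# Constructed probe inputs of the kind an attacker would try.
PROBES = [
    "/account/settings",
    "https://app.example.com/reports?id=7",
    "//evil.example/phish",
    "/\\evil.example",
    "https://app.example.com@evil.example/",
    "https://app.example.com.evil.example/",
    "javascript:alert(1)",
    "http://app.example.com/",
    "\t//evil.example",
]

if __name__ == "__main__":
    for p in PROBES:
        print(f"{p!r:45} -> {choose_redirect(p)}")
```

The check deliberately refuses http: even for allowlisted hosts and refuses relative references without a leading slash; both are easy to relax, but the default should be the strict form. If the application only ever needs to return users to its own pages, drop the host allowlist entirely and accept nothing but absolute paths.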