Edit count of the user (user_editcount) | null |
Name of the user account (user_name) | '182.0.229.15' |
Age of the user account (user_age) | 0 |
Groups (including implicit) the user is in (user_groups) | [
0 => '*'
] |
Rights that the user has (user_rights) | [
0 => 'createaccount',
1 => 'read',
2 => 'edit',
3 => 'createtalk',
4 => 'writeapi',
5 => 'viewmywatchlist',
6 => 'editmywatchlist',
7 => 'viewmyprivateinfo',
8 => 'editmyprivateinfo',
9 => 'editmyoptions',
10 => 'abusefilter-log-detail',
11 => 'urlshortener-create-url',
12 => 'centralauth-merge',
13 => 'abusefilter-view',
14 => 'abusefilter-log',
15 => 'vipsscaler-test'
] |
Whether the user is editing from mobile app (user_app) | false |
Whether or not a user is editing through the mobile interface (user_mobile) | true |
Page ID (page_id) | 636686 |
Page namespace (page_namespace) | 0 |
Page title without namespace (page_title) | 'URL redirection' |
Full page title (page_prefixedtitle) | 'URL redirection' |
Edit protection level of the page (page_restrictions_edit) | [] |
Last ten users to contribute to the page (page_recent_contributors) | [
0 => '182.0.229.15',
1 => 'Jochem van Hees',
2 => '117.197.56.128',
3 => 'ClueBot NG',
4 => '24.14.140.33',
5 => '174.131.97.134',
6 => 'Bkil',
7 => 'Jarble',
8 => 'John Maynard Friedman',
9 => 'Wdpp'
] |
Page age in seconds (page_age) | 548585252 |
Action (action) | 'edit' |
Edit summary/reason (summary) | '' |
Old content model (old_content_model) | 'wikitext' |
New content model (new_content_model) | 'wikitext' |
Old page wikitext, before the edit (old_wikitext) | '{{Short description|Technique for making a Web page available under more than one URL address}}
{{for|URL redirection on Wikipedia|Wikipedia:Redirect}}{{Use dmy dates|date=February 2020}}
'''URL redirection''', also called '''URL forwarding''', is a [[World Wide Web]] technique for making a [[web page]] available under more than one [[Uniform Resource Locator|URL]] address. When a [[web browser]] attempts to open a URL that has been redirected, a page with a different URL is opened. Similarly, domain redirection or domain forwarding is when all pages in a URL [[Domain name|domain]] are redirected to a different domain, as when [http://www.wikipedia.com wikipedia.com] and [http://www.wikipedia.net wikipedia.net] are automatically redirected to [http://www.wikipedia.org wikipedia.org].
URL redirection is done for various reasons:
* for [[URL shortening]];
* to prevent [[link rot|broken links]] when web pages are moved;
* to allow multiple domain names belonging to the same owner to refer to a single [[website|web site]];
* to guide navigation into and out of a website;
* for privacy protection; and
* for hostile purposes such as [[phishing]] attacks or malware distribution.
== Purposes ==
There are several reasons to use URL redirection:
=== Similar domain names ===
<!-- Do NOT give any examples of misspelled domain names. "examlpe.com" currently leads to a site that tries to load malware on your computer. -->
A user might mistype a URL. Organizations often register these "misspelled" domains and redirect them to the "correct" location. This technique is often used to "reserve" other [[top-level domain]]s (TLD) with the same name, or make it easier for a ".edu" or ".net" site to accommodate users who type ".com".
=== Logging outgoing links ===
The access logs of most web servers keep detailed information about where visitors came from and how they browsed the hosted site. They do not, however, log which links visitors left by. This is because the visitor's browser has no need to communicate with the original server when the visitor clicks on an outgoing link. This information can be captured in several ways. One way involves URL redirection. Instead of sending the visitor straight to the other site, links on the site can direct to a URL on the original website's domain that automatically redirects to the real target. This technique bears the downside of the delay caused by the additional request to the original website's server. As this added request will leave a trace in the server log, revealing exactly which link was followed, it can also be a privacy issue.<ref name="NtrEdf" /> The same technique is also used by some corporate websites to implement a statement that the subsequent content is at another site, and therefore not necessarily affiliated with the corporation. In such scenarios, displaying the warning causes an additional delay.
=== Short aliases for long URLs ===
{{Main|URL shortening}}
Web applications often include lengthy descriptive attributes in their URLs which represent data hierarchies, command structures, transaction paths and session information. This practice results in a URL that is aesthetically unpleasant and difficult to remember, and which may not fit within the size limitations of [[microblogging]] sites. [[URL shortening]] services provide a solution to this problem by redirecting a user to a longer URL from a shorter one.<ref name="NtrEdf" />
=== Meaningful, persistent aliases for long or changing URLs ===
{{See also|Permalink|PURL|Link rot}}
Sometimes the URL of a page changes even though the content stays the same. Therefore, URL redirection can help users who have bookmarks. This is routinely done on Wikipedia whenever a page is renamed.
=== Device targeting and geotargeting ===
Redirects can be effectively used for targeting purposes like [[geotargeting]]. Device targeting has become increasingly important with the rise of mobile clients. There are two approaches to serve mobile users: Make the website [[responsive web design|responsive]] or redirect to a mobile website version. If a mobile website version is offered, users with mobile clients will be automatically forwarded to the corresponding mobile content. For device targeting, client-side redirects or non-cacheable server-side redirects are used. Geotargeting is the approach to offer localized content and automatically forward the user to a localized version of the requested URL. This is helpful for websites that target audience in more than one location and/or language. Usually server-side redirects are used for Geotargeting but client-side redirects might be an option as well, depending on requirements.<ref name="KFihp" />
=== Manipulating search engines ===
Redirects have been used to manipulate search engines with unethical intentions, e.g., [[URL hijacking]]. The goal of misleading redirects is to drive search traffic to landing pages, which do not have enough ranking power on their own or which are only remotely or not at all related to the search target. The approach requires a rank for a range of search terms with a number of URLs that would utilize sneaky redirects to forward the searcher to the target page. This method had a revival with the uprise of mobile devices and device targeting. URL hijacking is an off-domain redirect technique<ref name="NAY3X" /> that exploited the nature of the search engine's handling for temporary redirects. If a temporary redirect is encountered, search engines have to decide whether they assign the ranking value to the URL that initializes the redirect or to the redirect target URL. The URL that initiates the redirect may be kept to show up in search results, as the redirect indicates a temporary nature. Under certain circumstances it was possible to exploit this behavior by applying temporary redirects to well-ranking URLs, leading to a replacement of the original URL in search results by the URL that initialized the redirect, therefore "stealing" the ranking. This method was usually combined with sneaky redirects to re-target the user stream from the search results to a target page. Search engines have developed efficient technologies to detect these kinds of manipulative approaches. Major search engines usually apply harsh ranking penalties on sites that get caught applying techniques like these.<ref name="vMaE1" />
=== Manipulating visitors ===
URL redirection is sometimes used as a part of [[phishing]] attacks that confuse visitors about which web site they are visiting.<ref name="XP9Dh" /> Because modern browsers always show the real URL in the address bar, the threat is lessened. However, redirects can also take you to sites that will otherwise attempt to attack in other ways. For example, a redirect might take a user to a site that would attempt to trick them into downloading antivirus software and installing a [[Trojan horse (computing)|Trojan]] of some sort instead.
=== Removing <code>referrer</code> information ===
When a link is clicked, the browser sends along in the [[HTTP request]] a field called [[HTTP referer|referer]] which indicates the source of the link. This field is populated with the URL of the current web page, and will end up in the [[server log|logs]] of the server serving the external link. Since sensitive pages may have sensitive URLs (for example, <code><nowiki>http://company.com/plans-for-the-next-release-of-our-product</nowiki></code>), it is not desirable for the <code>referrer</code> URL to leave the organization. A redirection page that performs [[Referer#Referrer hiding|referrer hiding]] could be embedded in all external URLs, transforming for example <code><nowiki>http://externalsite.com/page</nowiki></code> into <code><nowiki>http://redirect.company.com/http://externalsite.com/page</nowiki></code>. This technique also eliminates other potentially sensitive information from the referrer URL, such as the [[session ID]], and can reduce the chance of [[phishing]] by indicating to the end user that they passed a clear gateway to another site.
== Implementation ==
Several different kinds of response to the browser will result in a redirection. These vary in whether they affect [[HTTP headers]] or HTML content. The techniques used typically depend on the role of the person implementing it and their access to different parts of the system. For example, a web author with no control over the headers might use a [[meta refresh|Refresh meta tag]] whereas a web server administrator redirecting all pages on a site is more likely to use server configuration.
=== Manual redirect ===
The simplest technique is to ask the visitor to follow a link to the new page, usually using an HTML anchor like:
<syntaxhighlight lang="html4strict">
Please follow <a href="http://www.example.com/">this link</a>.
</syntaxhighlight>
This method is often used as a fall-back — if the browser does not support the automatic redirect, the visitor can still reach the target document by following the link.
=== HTTP status codes 3xx ===
In the [[HTTP]] [[Protocol (computing)|protocol]] used by the [[World Wide Web]], a '''redirect''' is a response with a [[List of HTTP status codes|status code]] beginning with ''3'' that causes a browser to display a different page. If a client encounters a redirect, it needs to make a number of decisions how to handle the redirect. Different status codes are used by clients to understand the purpose of the redirect, how to handle caching and which request method to use for the subsequent request.
HTTP/1.1 defines several status codes for redirection (RFC 7231):
* [[HTTP 300|300 multiple choices]] (e.g. offer different languages)
* [[HTTP 301|301 moved permanently]] (redirects permanently from one URL to another passing link equity to the redirected page)
* [[HTTP 302|302 found]] (originally "temporary redirect" in HTTP/1.0 and popularly used for CGI scripts; superseded by 303 and 307 in HTTP/1.1 but preserved for backward compatibility)
* [[HTTP 303|303 see other]] (forces a GET request to the new URL even if original request was POST)
* [[HTTP 307|307 temporary redirect]] (provides a new URL for the browser to resubmit a GET or POST request)
* [[HTTP 308|308 permanent redirect]] (provides a new URL for the browser to resubmit a GET or POST request)
Status codes [[HTTP 304|304 not modified]] and [[HTTP 305|305 use proxy]] are not redirects.
{| class="wikitable"
|+ {{Anchor|Redirect_status_codes_and_characteristics}} Redirect status codes and characteristics<ref name="G1Lfc" />
|-
! HTTP Status Code !! HTTP Version !! Temporary / Permanent !! Cacheable !! Request Method Subsequent Request
|-
| 301 || HTTP/1.0 || Permanent || {{yes}} || GET / POST may change
|-
| 302 || HTTP/1.0 || Temporary || {{no2|not by default}} || GET / POST may change
|-
| 303 || HTTP/1.1 || Temporary || {{no|never}} || always GET
|-
| 307 || HTTP/1.1 || Temporary || {{no2|not by default}} || may not change
|-
| 308 || HTTP/1.1 || Permanent || {{yes2|by default}} || may not change
|-
|}
All of these status codes require the URL of the redirect target to be given in the Location: header of the HTTP response. The 300 multiple choices will usually list all choices in the body of the message and show the default choice in the Location: header.
==== Example HTTP response for a 301 redirect ====
A [[HTTP]] response with the 301 "moved permanently" redirect looks like this:
<syntaxhighlight lang="http">
HTTP/1.1 301 Moved Permanently
Location: http://www.example.org/
Content-Type: text/html
Content-Length: 174
<html>
<head>
<title>Moved</title>
</head>
<body>
=Moved=
<p>This page has moved to <a href="http://www.example.org/">http://www.example.org/</a>.</p>
</body>
</html>
</syntaxhighlight>
==== Using server-side scripting for redirection ====
Web authors producing HTML content can't usually create redirects using HTTP headers as these are generated automatically by the web server program when serving an HTML file. The same is usually true even for programmers writing CGI scripts, though some servers allow scripts to add custom headers (e.g. by enabling "non-parsed-headers"). Many web servers will generate a 3xx status code if a script outputs a "Location:" header line. For example, in [[PHP]], one can use the "header" function:
<syntaxhighlight lang="php">
header('HTTP/1.1 301 Moved Permanently');
header('Location: http://www.example.com/');
exit();
</syntaxhighlight>
More headers may be required to prevent caching.<ref name="php-301-robust-solution" /> The programmer must ensure that the headers are output before the body. This may not fit easily with the natural flow of control through the code. To help with this, some frameworks for server-side content generation can buffer the body data. In the [[Active Server Pages|ASP scripting]] language, this can also be accomplished using <code>response.buffer=true</code> and <code>response.redirect <nowiki>"http://www.example.com/"</nowiki></code> HTTP/1.1 allows for either a relative URI reference or an absolute URI reference.<ref name="venDA" /> If the URI reference is relative the client computes the required absolute URI reference according to the rules defined in RFC 3986.<ref name="3Y1IG" />
==== Apache HTTP Server mod_rewrite{{anchor|mod_rewrite}} ====
The [[Apache HTTP Server]] mod_alias extension can be used to redirect certain requests. Typical configuration directives look like:
<syntaxhighlight lang="apache">
Redirect permanent /oldpage.html http://www.example.com/newpage.html
Redirect 301 /oldpage.html http://www.example.com/newpage.html
</syntaxhighlight>
For more flexible [[URL rewriting]] and redirection, Apache mod_rewrite can be used. E.g., to redirect a requests to a canonical domain name:
<syntaxhighlight lang="apache">
RewriteEngine on
RewriteCond %{HTTP_HOST} ^([^.:]+\.)*oldsite\.example\.com\.?(:[0-9]*)?$ [NC]
RewriteRule ^(.*)$ http://newsite.example.net/$1 [R=301,L]
</syntaxhighlight>
Such configuration can be applied to one or all sites on the server through the server configuration files or to a single content directory through a <code>[[.htaccess]]</code> file.
==== nginx rewrite ====
[[Nginx]] has an integrated http rewrite module,<ref name="T6lN6" /> which can be used to perform advanced URL processing and even web-page generation (with the <code>return</code> directive). A showing example of such advanced use of the rewrite module is [http://mdoc.su/ mdoc.su], which implements a deterministic [[URL shortening]] service entirely with the help of nginx configuration language alone.<ref name="ltnoQ" /><ref name="sjHzb" />
For example, if a request for <code>[https://www.dragonflybsd.org/cgi/web-man?command=HAMMER§ion=5 /DragonFlyBSD/HAMMER.5]</code> were to come along, it would first be redirected internally to <code>/d/HAMMER.5</code> with the first rewrite directive below (only affecting the internal state, without any HTTP replies issued to the client just yet), and then with the second rewrite directive, an [[HTTP response]] with a [[HTTP 302|302 Found status code]] would be issued to the client to actually redirect to the external [[Common Gateway Interface|cgi script]] of web-[[man page|man]]:<ref name="y0ZUF" />
<syntaxhighlight lang="nginx">
location /DragonFly {
rewrite ^/DragonFly(BSD)?([,/].*)?$ /d$2 last;
}
location /d {
set $db "http://leaf.dragonflybsd.org/cgi/web-man?command=";
set $ds "§ion=";
rewrite ^/./([^/]+)\.([1-9])$ $db$1$ds$2 redirect;
}
</syntaxhighlight>
=== Refresh Meta tag and HTTP refresh header ===
[[Netscape]] introduced the [[meta refresh]] feature which refreshes a page after a certain amount of time. This can specify a new URL to replace one page with another. This is supported by most web browsers.<ref name="iFTFs" /><ref name="BEKGZ" /> A timeout of zero seconds effects an immediate redirect. This is treated like a 301 permanent redirect by Google, allowing transfer of PageRank to the target page.<ref name="DOOOW" />
This is an example of a simple HTML document that uses this technique:
<syntaxhighlight lang="html4strict">
<html>
<head>
<meta http-equiv="Refresh" content="0; url=http://www.example.com/" />
</head>
<body>
<p>Please follow <a href="http://www.example.com/">this link</a>.</p>
</body>
</html>
</syntaxhighlight>
This technique can be used by [[Web designer|web authors]] because the meta tag is contained inside the document itself. The meta tag must be placed in the "head" section of the HTML file. The number "0" in this example may be replaced by another number to achieve a delay of that many seconds. The anchor in the "body" section is for users whose browsers do not support this feature.
The same effect can be achieved with an HTTP <code>refresh</code> header:
<syntaxhighlight lang="http">
HTTP/1.1 200 OK
Refresh: 0; url=http://www.example.com/
Content-Type: text/html
Content-Length: 78
Please follow <a href="http://www.example.com/">this link</a>.
</syntaxhighlight>
This response is easier to generate by CGI programs because one does not need to change the default status code.
Here is a simple CGI program that effects this redirect:
<syntaxhighlight lang="perl">
# !/usr/bin/perl
print "Refresh: 0; url=http://www.example.com/\r\n";
print "Content-Type: text/html\r\n";
print "\r\n";
print "Please follow <a href=\"http://www.example.com/\">this link</a>!"
</syntaxhighlight>
Note: Usually, the HTTP server adds the status line and the Content-Length header automatically.
The [[World Wide Web Consortium|W3C]] discourage the use of meta refresh, since it does not communicate any information about either the original or new resource, to the browser (or [[search engine]]). The W3C's Web Content Accessibility Guidelines (7.4)<ref name="DO1Os" /> discourage the creation of auto-refreshing pages, since most web browsers do not allow the user to disable or control the refresh rate. Some articles that they have written on the issue include [http://www.w3.org/TR/WAI-WEBCONTENT/#gl-movement W3C Web Content Accessibility Guidelines (1.0): Ensure user control of time-sensitive content changes], Use standard redirects: don't break the back button!<ref name="sEvbk" /> and Core Techniques for Web Content Accessibility Guidelines 1.0 section 7.<ref name="V6sLN" />
=== JavaScript redirects ===
[[JavaScript]] can cause a redirect by setting the <code>window.location</code> attribute, e.g.:
<syntaxhighlight lang="ecmascript">
window.location='http://www.example.com/'
</syntaxhighlight>
Normally JavaScript pushes the redirector site's [[URL]] to the browser's history. It can cause redirect loops when users hit the back button. With the following command you can prevent this type of behaviour.<ref name="knBmq" />
<syntaxhighlight lang="ecmascript">
window.location.replace('http://www.example.com/')
</syntaxhighlight>
However, HTTP headers or the refresh meta tag may be preferred for security reasons and because JavaScript will not be executed by some browsers and many [[web crawler]]s.
=== Frame redirects ===
A slightly different effect can be achieved by creating an inline [[Frame (World Wide Web)|frame]]:
<syntaxhighlight lang="html4strict">
<iframe height="100%" width="100%" src="http://www.example.com/">
Please follow <a href="http://www.example.com/">link</a>.
</iframe>
</syntaxhighlight>
One main difference to the above redirect methods is that for a frame redirect, the browser displays the URL of the frame document and not the URL of the target page in the URL bar. This ''cloaking'' technique may be used so that the reader sees a more memorable URL or to fraudulently conceal a [[phishing]] site as part of [[website spoofing]].<ref name="G9pV6" />
Before HTML5,<ref name="zW4Ol" /> the same effect could be done with an [[Framing (World Wide Web)|HTML frame]] that contains the target page:
<syntaxhighlight lang="html4strict">
<frameset rows="100%">
<frame src="http://www.example.com/">
<noframes>
<body>Please follow <a href="http://www.example.com/">link</a>.</body>
</noframes>
</frameset>
</syntaxhighlight>
=== Redirect chains ===
One redirect may lead to another. For example, the URL "http://wikipedia.com" (with "*.com" as domain) is first redirected to https://www.wikipedia.org/ (with domain name in [[.org]]), where you can navigate to the [https://en.wikipedia.org/ language-specific site]. This is unavoidable if the different links in the chain are served by different servers though it should be minimised by ''[[rewriting]]'' the URL as much as possible on the server before returning it to the browser as a redirect.
Wikipedia has been redirecting its pages to HTTPS by default since 2015.<ref name="wszci" />
=== Redirect loops ===
Sometimes a mistake can cause a page to end up redirecting back to itself, possibly via other pages, leading to an infinite sequence of redirects. Browsers should stop redirecting after a certain number of hops and display an error message.
The HTTP/1.1 Standard states:<ref name="rfc7231sec6.4" />
<blockquote>
A client ''SHOULD'' detect and intervene in cyclical redirections (i.e., "infinite" redirection loops).
Note: An earlier version of this specification recommended a maximum of five redirections ([RFC 2068], Section 10.3). Content developers need to be aware that some clients might implement such a fixed limitation.
</blockquote>
Note that the URLs in the sequence might not repeat, e.g.: http://www.example.com/1{{Dead link|date=September 2019 |bot=InternetArchiveBot |fix-attempted=yes }} -> http://www.example.com/2{{Dead link|date=September 2019 |bot=InternetArchiveBot |fix-attempted=yes }} -> http://www.example.com/3{{Dead link|date=September 2019 |bot=InternetArchiveBot |fix-attempted=yes }} ...
== Services ==
There exist services that can perform URL redirection on demand, with no need for technical work or access to the web server your site is hosted on.
=== URL redirection services ===
A '''redirect service''' is an information management system, which provides an internet link that redirects users to the desired content. The typical benefit to the user is the use of a memorable domain name, and a reduction in the length of the URL or web address. A redirecting link can also be used as a permanent address for content that frequently changes hosts, similarly to the [[Domain Name System]]. Hyperlinks involving URL redirection services are frequently used in spam messages directed at blogs and wikis. Thus, one way to reduce spam is to reject all edits and comments containing hyperlinks to known URL redirection services; however, this will also remove legitimate edits and comments and may not be an effective method to reduce spam.
Recently, URL redirection services have taken to using [[AJAX]] as an efficient, user friendly method for creating shortened URLs. A major drawback of some URL redirection services is the use of delay pages, or frame based advertising, to generate revenue.
==== History ====
The first redirect services took advantage of [[top-level domains]] (TLD) such as "[[.to]]" (Tonga), "[[.at]]" (Austria) and "[[.is]]" (Iceland). Their goal was to make memorable URLs. The first mainstream redirect service was V3.com that boasted 4 million users at its peak in 2000. V3.com success was attributed to having a wide variety of short memorable domains including "r.im", "go.to", "i.am", "come.to" and "start.at". V3.com was acquired by FortuneCity.com, a large free web hosting company, in early 1999.<ref name="2Died" /> As the sales price of top level domains started falling from $70.00 per year to less than $10.00, use of redirection services declined. With the launch of [[TinyURL]] in 2002 a new kind of redirecting service was born, namely [[URL shortening]]. Their goal was to make long URLs short, to be able to post them on internet forums. Since 2006, with the 140 character limit on the extremely popular [[Twitter]] service, these short URL services have been heavily used.
=== Referrer masking ===
Redirection services can hide the [[referrer]] by placing an intermediate page between the page the link is on and its destination. Although these are conceptually similar to other URL redirection services, they serve a different purpose, and they rarely attempt to shorten or obfuscate the destination URL (as their only intended side-effect is to hide referrer information and provide a clear gateway between other websites.) This type of redirection is often used to prevent potentially-malicious links from gaining information using the referrer, for example a [[session ID]] in the query string. Many large community websites use link redirection on external links to lessen the chance of an exploit that could be used to steal account information, as well as make it clear when a user is leaving a service, to lessen the chance of effective [[phishing]] .
Here is a simplistic example of such a service, written in [[PHP]].
<syntaxhighlight lang="html+php">
<?php
$url = htmlspecialchars($_GET['url']);
header('Refresh: 0; url=https://' . $url);
?>
<!-- Fallback using meta refresh. -->
<html>
<head>
<title>Redirecting...</title>
<meta http-equiv="refresh" content="0;url=https://<?= $url; ?>">
</head>
<body>
Attempting to redirect to <a href="https://<?= $url; ?>">https://<?= $url; ?></a>.
</body>
</html>
</syntaxhighlight>
The above example does not check who called it (e.g. by referrer, although that could be spoofed). Also, it does not check the URL provided. This means that a malicious person could link to the redirection page using a URL parameter of his/her own selection, from any page, which uses the web server's resources.
==Security issues==
URL redirection can be abused by attackers for [[phishing]] attacks, such as [[Open Redirect|open redirect]] and [[Covert Redirect|covert redirect]]. "An open redirect is an application that takes a parameter and redirects a user to the parameter value without any validation."<ref name="Open_Redirect" /> "Covert redirect is an application that takes a parameter and redirects a user to the parameter value WITHOUT SUFFICIENT validation."<ref name="Covert_Redirect" /> It was disclosed in May 2014 by a mathematical doctoral student Wang Jing from Nanyang Technological University, Singapore.<ref name="CNET" />
==See also==
* [[Canonical link element]]
* [[Canonical meta tag]]
* [[Domain masking]]
* [[Link rot]]
* [[Semantic URL]]
* [[URL normalization]]
==References==
{{reflist|refs=
<ref name="NtrEdf">{{cite journal | title = Google revives redirect snoopery | journal = Blog.anta.net | date = 29 January 2009 | url = http://blog.anta.net/2009/01/29/509/ | issn = 1797-1993 | archive-url=https://web.archive.org/web/20110817024348/http://blog.anta.net/2009/01/29/509/ | archive-date=17 August 2011}}</ref>
<ref name="php-301-robust-solution">{{cite web|url=http://www.websitefactors.co.uk/php/2011/05/php-redirects-302-to-301-rock-solid-solution/ |title=PHP Redirects: 302 to 301 Rock Solid Robust Solution |publisher=WebSiteFactors.co.uk |archive-url=https://web.archive.org/web/20121012042703/http://www.websitefactors.co.uk/php/2011/05/php-redirects-302-to-301-rock-solid-solution |archive-date=12 October 2012}}</ref>
<ref name="rfc7231sec6.4">{{cite IETF | title = Hypertext Transfer Protocol (HTTP/1.1): Semantics and Content | rfc = 7231 | section = 6.4 | sectionname = Redirection 3xx | page = 54 | editor1 = Roy T. Fielding | editor1-link = Roy Fielding | editor2 = Julian F. Reschke | year = 2014 | publisher = [[Internet Engineering Task Force|IETF]]}}</ref>
<ref name="Open_Redirect">{{cite web | url=https://www.owasp.org/index.php/Open_redirect | title=Open Redirect |publisher= OWASP |date=16 March 2014 | access-date=21 December 2014}}</ref>
<ref name="Covert_Redirect">{{cite web | url=http://tetraph.com/covert_redirect/ | title=Covert Redirect |publisher= Tetraph |date=1 May 2014 | access-date=21 December 2014}}</ref>
<ref name="CNET">{{cite web | url=https://www.cnet.com/news/serious-security-flaw-in-oauth-and-openid-discovered/ | title=Serious security flaw in OAuth, OpenID discovered |publisher= CNET |date=2 May 2014 | access-date=21 December 2014}}</ref>
<ref name="KFihp">{{Cite web |url=https://audisto.com/insights/guides/31/ |title=Redirects & SEO - The Total Guide |access-date=29 November 2015 |publisher=Audisto}}</ref>
<ref name="NAY3X">{{cite web|url=https://www.mattcutts.com/blog/seo-advice-discussing-302-redirects/ |title=SEO advice: discussing 302 redirects |date=4 January 2006 |publisher=Matt Cutts, former Head of Google Webspam Team}}</ref>
<ref name="vMaE1">{{cite web|url=https://support.google.com/webmasters/answer/2721217?hl=en |title=Sneaky Redirects |date=3 December 2015 |publisher=Google Webmaster Guidelines}}</ref>
<ref name="XP9Dh">{{cite web|url=https://www.owasp.org/index.php/Unvalidated_Redirects_and_Forwards_Cheat_Sheet |title=Unvalidated Redirects and Forwards Cheat Sheet |date=21 August 2014 |publisher=Open Web Application Security Project (OWASP)}}</ref>
<ref name="G1Lfc">{{Cite web |url=https://audisto.com/insights/guides/31/ |title=Redirects & SEO - The Complete Guide |access-date=29 November 2015 |publisher=Audisto}}</ref>
<ref name="venDA">{{cite IETF | title = Hypertext Transfer Protocol (HTTP/1.1): Semantics and Content | rfc = 7231 | section = 7.1.2 | sectionname = Location | page = 68 | editor1 = Roy T. Fielding | editor2 = Julian F. Reschke | year = 2014 | publisher = [[Internet Engineering Task Force|IETF]]}}</ref>
<ref name="3Y1IG">{{cite IETF | title = Uniform Resource Identifier (URI): Generic Syntax | rfc = 3986 | section = 5 | sectionname = Reference Resolution | page = 28 | first1 = Tim | last1 = Berners-Lee | author1-link = Tim Berners-Lee | first2 = Roy T. | last2 = Fielding | author2-link = Roy Fielding | first3 = Larry | last3 = Masinter | year = 2005 | publisher = [[Internet Engineering Task Force|IETF]]}}</ref>
<ref name="T6lN6">{{cite web|url=http://nginx.org/r/rewrite |title=Module ngx_http_rewrite_module - rewrite |publisher=nginx.org |access-date=24 December 2014}}</ref>
<ref name="ltnoQ">{{cite mailing list |date=18 February 2013 |url=http://mailman.nginx.org/pipermail/nginx/2013-February/037592.html |mailing-list=nginx@nginx.org |title=A dynamic web-site written wholly in nginx.conf? Introducing mdoc.su! |first=Constantine A. |last=Murenin |access-date=24 December 2014}}</ref>
<ref name="sjHzb">{{cite web |url=http://mdoc.su/ |title=mdoc.su – Short manual page URLs for FreeBSD, OpenBSD, NetBSD and DragonFly BSD |first=Constantine A. |last=Murenin |date=23 February 2013 |access-date=25 December 2014}}</ref>
<ref name="y0ZUF">{{cite web |url=http://nginx.conf.mdoc.su/mdoc.su.nginx.conf |title=mdoc.su.nginx.conf |first=Constantine A. |last=Murenin |date=23 February 2013 |access-date=25 December 2014}}</ref>
<ref name="iFTFs">{{cite web|url=https://www.w3schools.com/tags/tag_meta.asp|title=HTML meta tag|website=www.w3schools.com}}</ref>
<ref name="BEKGZ">{{cite web|url=http://wp.netscape.com/assist/net_sites/pushpull.html|title=An Exploration of Dynamic Documents|date=2 August 2002|url-status=bot: unknown|archive-url=https://web.archive.org/web/20020802170847/http://wp.netscape.com/assist/net_sites/pushpull.html|archive-date=2 August 2002|df=dmy-all}}</ref>
<ref name="DOOOW">[http://sebastians-pamphlets.com/google-and-yahoo-treat-undelayed-meta-refresh-as-301-redirect/ "Google and Yahoo accept undelayed meta refreshs as 301 redirects"]. Sebastian's Pamphlets. 3 September 2007.</ref>
<ref name="DO1Os">{{cite web|url=http://www.w3.org/TR/WAI-WEBCONTENT/#tech-no-periodic-refresh|title=Web Content Accessibility Guidelines 1.0|website=www.w3.org}}</ref>
<ref name="sEvbk">{{cite web|url=http://www.w3.org/QA/Tips/reback|title=Use standard redirects|first=the QA|last=Team|website=www.w3.org}}</ref>
<ref name="V6sLN">{{cite web|url=http://www.w3.org/TR/WCAG10-CORE-TECHS/#auto-page-refresh|title=Core Techniques for Web Content Accessibility Guidelines 1.0|website=www.w3.org}}</ref>
<ref name="knBmq">{{cite web|url=http://insider.zone/tools/client-side-url-redirect-generator/|title=Cross-browser client side URL redirect generator|publisher=Insider Zone}}</ref>
<ref name="G9pV6">Aaron Emigh (19 January 2005). [http://www.sfbay-infragard.org/Documents/phishing-sfectf-report.pdf "Anti-Phishing Technology"] {{Webarchive|url=https://web.archive.org/web/20070927171420/http://www.sfbay-infragard.org/Documents/phishing-sfectf-report.pdf |date=27 September 2007}} (PDF). Radix Labs.</ref>
<ref name="zW4Ol">{{cite web|url=https://www.w3.org/TR/html5/obsolete.html|title=HTML 5.2: 11. Obsolete features|website=www.w3.org}}</ref>
<ref name="wszci">[https://venturebeat.com/2015/06/12/wikipedia-to-start-using-secure-https-by-default-for-all-users/ Wikipedia to start using secure HTTPS by default for all users] VentureBeat article, 12 June 2015</ref>
<ref name="2Died">{{cite news | url=http://news.bbc.co.uk/2/hi/technology/6991719.stm | work=BBC News | title=Net gains for tiny Pacific nation | date=14 September 2007 | access-date=27 May 2010 | url-status=dead | archive-url=https://web.archive.org/web/20140512232450/http://news.bbc.co.uk/2/hi/technology/6991719.stm | archive-date=12 May 2014 | df=dmy-all}}</ref>
}}
==External links==
* [https://httpd.apache.org/docs/2.4/en/urlmapping.html Mapping URLs to Filesystem Locations - Apache HTTP Server Version 2.4]
* [http://www2007.org/workshops/paper_115.pdf Taxonomy of JavaScript Redirection Spam] (Microsoft Live Labs)
* [http://projects.webappsec.org/URL-Redirector-Abuse Security vulnerabilities in URL Redirectors] The Web Application Security Consortium Threat Classification
{{Spamming}}
{{DEFAULTSORT:Url Redirection}}
[[Category:URL]]
[[Category:Black hat search engine optimization]]
[[Category:Internet search]]
[[Category:Internet terminology]]' |
New page wikitext, after the edit (new_wikitext) | '{{Short description|Technique for making a Web page available under more than one URL address}}
{{for|URL redirection on Wikipedia|Wikipedia:Redirect}}{{Use dmy dates|date=February 2020}}
'''URL redirection''', also called '''URL forwarding''', is a [[World Wide Web]] technique for making a [[web page]] available under more than one [[Uniform Resource Locator|URL]] address. When a [[web browser]] attempts to open a URL that has been redirected, a page with a different URL is opened. Similarly, domain redirection or domain forwarding is when all pages in a URL [[Domain name|domain]] are redirected to a different domain, as when [http://www.wikipedia.com wikipedia.com] and [http://www.wikipedia.net wikipedia.net] are automatically redirected to [http://www.wikipedia.org wikipedia.org].
URL redirection is done for various reasons:
* for [[URL shortening]];
* to prevent [[link rot|broken links]] when web pages are moved;
* to allow multiple domain names belonging to the same owner to refer to a single [[website|web site]];
* to guide navigation into and out of a website;
* for privacy protection; and
* for hostile purposes such as [[phishing]] attacks or malware distribution.
== Purposes ==
There are several reasons to use URL redirection:
=== Similar domain names ===
<!-- Do NOT give any examples of misspelled domain names. "examlpe.com" currently leads to a site that tries to load malware on your computer. -->
A user might mistype a URL. Organizations often register these "misspelled" domains and redirect them to the "correct" location. This technique is often used to "reserve" other [[top-level domain]]s (TLD) with the same name, or make it easier for a ".edu" or ".net" site to accommodate users who type ".com".
=== Short aliases for long URLs ===
{{Main|URL shortening}}
Web applications often include lengthy descriptive attributes in their URLs which represent data hierarchies, command structures, transaction paths and session information. This practice results in a URL that is aesthetically unpleasant and difficult to remember, and which may not fit within the size limitations of [[microblogging]] sites. [[URL shortening]] services provide a solution to this problem by redirecting a user to a longer URL from a shorter one.<ref name="NtrEdf" />
=== Meaningful, persistent aliases for long or changing URLs ===
{{See also|Permalink|PURL|Link rot}}
Sometimes the URL of a page changes even though the content stays the same. Therefore, URL redirection can help users who have bookmarks. This is routinely done on Wikipedia whenever a page is renamed.
=== Device targeting and geotargeting ===
Redirects can be effectively used for targeting purposes like [[geotargeting]]. Device targeting has become increasingly important with the rise of mobile clients. There are two approaches to serve mobile users: Make the website [[responsive web design|responsive]] or redirect to a mobile website version. If a mobile website version is offered, users with mobile clients will be automatically forwarded to the corresponding mobile content. For device targeting, client-side redirects or non-cacheable server-side redirects are used. Geotargeting is the approach to offer localized content and automatically forward the user to a localized version of the requested URL. This is helpful for websites that target audience in more than one location and/or language. Usually server-side redirects are used for Geotargeting but client-side redirects might be an option as well, depending on requirements.<ref name="KFihp" />
=== Manipulating search engines ===
Redirects have been used to manipulate search engines with unethical intentions, e.g., [[URL hijacking]]. The goal of misleading redirects is to drive search traffic to landing pages, which do not have enough ranking power on their own or which are only remotely or not at all related to the search target. The approach requires a rank for a range of search terms with a number of URLs that would utilize sneaky redirects to forward the searcher to the target page. This method had a revival with the uprise of mobile devices and device targeting. URL hijacking is an off-domain redirect technique<ref name="NAY3X" /> that exploited the nature of the search engine's handling for temporary redirects. If a temporary redirect is encountered, search engines have to decide whether they assign the ranking value to the URL that initializes the redirect or to the redirect target URL. The URL that initiates the redirect may be kept to show up in search results, as the redirect indicates a temporary nature. Under certain circumstances it was possible to exploit this behavior by applying temporary redirects to well-ranking URLs, leading to a replacement of the original URL in search results by the URL that initialized the redirect, therefore "stealing" the ranking. This method was usually combined with sneaky redirects to re-target the user stream from the search results to a target page. Search engines have developed efficient technologies to detect these kinds of manipulative approaches. Major search engines usually apply harsh ranking penalties on sites that get caught applying techniques like these.<ref name="vMaE1" />
=== Manipulating visitors ===
URL redirection is sometimes used as a part of [[phishing]] attacks that confuse visitors about which web site they are visiting.<ref name="XP9Dh" /> Because modern browsers always show the real URL in the address bar, the threat is lessened. However, redirects can also take you to sites that will otherwise attempt to attack in other ways. For example, a redirect might take a user to a site that would attempt to trick them into downloading antivirus software and installing a [[Trojan horse (computing)|Trojan]] of some sort instead.
=== Removing <code>referrer</code> information ===
When a link is clicked, the browser sends along in the [[HTTP request]] a field called [[HTTP referer|referer]] which indicates the source of the link. This field is populated with the URL of the current web page, and will end up in the [[server log|logs]] of the server serving the external link. Since sensitive pages may have sensitive URLs (for example, <code><nowiki>http://company.com/plans-for-the-next-release-of-our-product</nowiki></code>), it is not desirable for the <code>referrer</code> URL to leave the organization. A redirection page that performs [[Referer#Referrer hiding|referrer hiding]] could be embedded in all external URLs, transforming for example <code><nowiki>http://externalsite.com/page</nowiki></code> into <code><nowiki>http://redirect.company.com/http://externalsite.com/page</nowiki></code>. This technique also eliminates other potentially sensitive information from the referrer URL, such as the [[session ID]], and can reduce the chance of [[phishing]] by indicating to the end user that they passed a clear gateway to another site.
== Implementation ==
Several different kinds of response to the browser will result in a redirection. These vary in whether they affect [[HTTP headers]] or HTML content. The techniques used typically depend on the role of the person implementing it and their access to different parts of the system. For example, a web author with no control over the headers might use a [[meta refresh|Refresh meta tag]] whereas a web server administrator redirecting all pages on a site is more likely to use server configuration.
=== Manual redirect ===
The simplest technique is to ask the visitor to follow a link to the new page, usually using an HTML anchor like:
<syntaxhighlight lang="html4strict">
Please follow <a href="http://www.example.com/">this link</a>.
</syntaxhighlight>
This method is often used as a fall-back — if the browser does not support the automatic redirect, the visitor can still reach the target document by following the link.
=== HTTP status codes 3xx ===
In the [[HTTP]] [[Protocol (computing)|protocol]] used by the [[World Wide Web]], a '''redirect''' is a response with a [[List of HTTP status codes|status code]] beginning with ''3'' that causes a browser to display a different page. If a client encounters a redirect, it needs to make a number of decisions how to handle the redirect. Different status codes are used by clients to understand the purpose of the redirect, how to handle caching and which request method to use for the subsequent request.
HTTP/1.1 defines several status codes for redirection (RFC 7231):
* [[HTTP 300|300 multiple choices]] (e.g. offer different languages)
* [[HTTP 301|301 moved permanently]] (redirects permanently from one URL to another passing link equity to the redirected page)
* [[HTTP 302|302 found]] (originally "temporary redirect" in HTTP/1.0 and popularly used for CGI scripts; superseded by 303 and 307 in HTTP/1.1 but preserved for backward compatibility)
* [[HTTP 303|303 see other]] (forces a GET request to the new URL even if original request was POST)
* [[HTTP 307|307 temporary redirect]] (provides a new URL for the browser to resubmit a GET or POST request)
* [[HTTP 308|308 permanent redirect]] (provides a new URL for the browser to resubmit a GET or POST request)
Status codes [[HTTP 304|304 not modified]] and [[HTTP 305|305 use proxy]] are not redirects.
{| class="wikitable"
|+ {{Anchor|Redirect_status_codes_and_characteristics}} Redirect status codes and characteristics<ref name="G1Lfc" />
|-
! HTTP Status Code !! HTTP Version !! Temporary / Permanent !! Cacheable !! Request Method Subsequent Request
|-
| 301 || HTTP/1.0 || Permanent || {{yes}} || GET / POST may change
|-
| 302 || HTTP/1.0 || Temporary || {{no2|not by default}} || GET / POST may change
|-
| 303 || HTTP/1.1 || Temporary || {{no|never}} || always GET
|-
| 307 || HTTP/1.1 || Temporary || {{no2|not by default}} || may not change
|-
| 308 || HTTP/1.1 || Permanent || {{yes2|by default}} || may not change
|-
|}
All of these status codes require the URL of the redirect target to be given in the Location: header of the HTTP response. The 300 multiple choices will usually list all choices in the body of the message and show the default choice in the Location: header.
==== Example HTTP response for a 301 redirect ====
A [[HTTP]] response with the 301 "moved permanently" redirect looks like this:
<syntaxhighlight lang="http">
HTTP/1.1 301 Moved Permanently
Location: http://www.example.org/
Content-Type: text/html
Content-Length: 174
<html>
<head>
<title>Moved</title>
</head>
<body>
=Moved=
<p>This page has moved to <a href="http://www.example.org/">http://www.example.org/</a>.</p>
</body>
</html>
</syntaxhighlight>
==== Using server-side scripting for redirection ====
Web authors producing HTML content can't usually create redirects using HTTP headers as these are generated automatically by the web server program when serving an HTML file. The same is usually true even for programmers writing CGI scripts, though some servers allow scripts to add custom headers (e.g. by enabling "non-parsed-headers"). Many web servers will generate a 3xx status code if a script outputs a "Location:" header line. For example, in [[PHP]], one can use the "header" function:
<syntaxhighlight lang="php">
header('HTTP/1.1 301 Moved Permanently');
header('Location: http://www.example.com/');
exit();
</syntaxhighlight>
More headers may be required to prevent caching.<ref name="php-301-robust-solution" /> The programmer must ensure that the headers are output before the body. This may not fit easily with the natural flow of control through the code. To help with this, some frameworks for server-side content generation can buffer the body data. In the [[Active Server Pages|ASP scripting]] language, this can also be accomplished using <code>response.buffer=true</code> and <code>response.redirect <nowiki>"http://www.example.com/"</nowiki></code> HTTP/1.1 allows for either a relative URI reference or an absolute URI reference.<ref name="venDA" /> If the URI reference is relative the client computes the required absolute URI reference according to the rules defined in RFC 3986.<ref name="3Y1IG" />
==== Apache HTTP Server mod_rewrite{{anchor|mod_rewrite}} ====
The [[Apache HTTP Server]] mod_alias extension can be used to redirect certain requests. Typical configuration directives look like:
<syntaxhighlight lang="apache">
Redirect permanent /oldpage.html http://www.example.com/newpage.html
Redirect 301 /oldpage.html http://www.example.com/newpage.html
</syntaxhighlight>
For more flexible [[URL rewriting]] and redirection, Apache mod_rewrite can be used. E.g., to redirect a requests to a canonical domain name:
<syntaxhighlight lang="apache">
RewriteEngine on
RewriteCond %{HTTP_HOST} ^([^.:]+\.)*oldsite\.example\.com\.?(:[0-9]*)?$ [NC]
RewriteRule ^(.*)$ http://newsite.example.net/$1 [R=301,L]
</syntaxhighlight>
Such configuration can be applied to one or all sites on the server through the server configuration files or to a single content directory through a <code>[[.htaccess]]</code> file.
==== nginx rewrite ====
[[Nginx]] has an integrated http rewrite module,<ref name="T6lN6" /> which can be used to perform advanced URL processing and even web-page generation (with the <code>return</code> directive). A showing example of such advanced use of the rewrite module is [http://mdoc.su/ mdoc.su], which implements a deterministic [[URL shortening]] service entirely with the help of nginx configuration language alone.<ref name="ltnoQ" /><ref name="sjHzb" />
For example, if a request for <code>[https://www.dragonflybsd.org/cgi/web-man?command=HAMMER§ion=5 /DragonFlyBSD/HAMMER.5]</code> were to come along, it would first be redirected internally to <code>/d/HAMMER.5</code> with the first rewrite directive below (only affecting the internal state, without any HTTP replies issued to the client just yet), and then with the second rewrite directive, an [[HTTP response]] with a [[HTTP 302|302 Found status code]] would be issued to the client to actually redirect to the external [[Common Gateway Interface|cgi script]] of web-[[man page|man]]:<ref name="y0ZUF" />
<syntaxhighlight lang="nginx">
location /DragonFly {
rewrite ^/DragonFly(BSD)?([,/].*)?$ /d$2 last;
}
location /d {
set $db "http://leaf.dragonflybsd.org/cgi/web-man?command=";
set $ds "§ion=";
rewrite ^/./([^/]+)\.([1-9])$ $db$1$ds$2 redirect;
}
</syntaxhighlight>
=== Refresh Meta tag and HTTP refresh header ===
[[Netscape]] introduced the [[meta refresh]] feature which refreshes a page after a certain amount of time. This can specify a new URL to replace one page with another. This is supported by most web browsers.<ref name="iFTFs" /><ref name="BEKGZ" /> A timeout of zero seconds effects an immediate redirect. This is treated like a 301 permanent redirect by Google, allowing transfer of PageRank to the target page.<ref name="DOOOW" />
This is an example of a simple HTML document that uses this technique:
<syntaxhighlight lang="html4strict">
<html>
<head>
<meta http-equiv="Refresh" content="0; url=http://www.example.com/" />
</head>
<body>
<p>Please follow <a href="http://www.example.com/">this link</a>.</p>
</body>
</html>
</syntaxhighlight>
This technique can be used by [[Web designer|web authors]] because the meta tag is contained inside the document itself. The meta tag must be placed in the "head" section of the HTML file. The number "0" in this example may be replaced by another number to achieve a delay of that many seconds. The anchor in the "body" section is for users whose browsers do not support this feature.
The same effect can be achieved with an HTTP <code>refresh</code> header:
<syntaxhighlight lang="http">
HTTP/1.1 200 OK
Refresh: 0; url=http://www.example.com/
Content-Type: text/html
Content-Length: 78
Please follow <a href="http://www.example.com/">this link</a>.
</syntaxhighlight>
This response is easier to generate by CGI programs because one does not need to change the default status code.
Here is a simple CGI program that effects this redirect:
<syntaxhighlight lang="perl">
# !/usr/bin/perl
print "Refresh: 0; url=http://www.example.com/\r\n";
print "Content-Type: text/html\r\n";
print "\r\n";
print "Please follow <a href=\"http://www.example.com/\">this link</a>!"
</syntaxhighlight>
Note: Usually, the HTTP server adds the status line and the Content-Length header automatically.
The [[World Wide Web Consortium|W3C]] discourage the use of meta refresh, since it does not communicate any information about either the original or new resource, to the browser (or [[search engine]]). The W3C's Web Content Accessibility Guidelines (7.4)<ref name="DO1Os" /> discourage the creation of auto-refreshing pages, since most web browsers do not allow the user to disable or control the refresh rate. Some articles that they have written on the issue include [http://www.w3.org/TR/WAI-WEBCONTENT/#gl-movement W3C Web Content Accessibility Guidelines (1.0): Ensure user control of time-sensitive content changes], Use standard redirects: don't break the back button!<ref name="sEvbk" /> and Core Techniques for Web Content Accessibility Guidelines 1.0 section 7.<ref name="V6sLN" />
=== JavaScript redirects ===
[[JavaScript]] can cause a redirect by setting the <code>window.location</code> attribute, e.g.:
<syntaxhighlight lang="ecmascript">
window.location='http://www.example.com/'
</syntaxhighlight>
Normally JavaScript pushes the redirector site's [[URL]] to the browser's history. It can cause redirect loops when users hit the back button. With the following command you can prevent this type of behaviour.<ref name="knBmq" />
<syntaxhighlight lang="ecmascript">
window.location.replace('http://www.example.com/')
</syntaxhighlight>
However, HTTP headers or the refresh meta tag may be preferred for security reasons and because JavaScript will not be executed by some browsers and many [[web crawler]]s.
=== Frame redirects ===
A slightly different effect can be achieved by creating an inline [[Frame (World Wide Web)|frame]]:
<syntaxhighlight lang="html4strict">
<iframe height="100%" width="100%" src="http://www.example.com/">
Please follow <a href="http://www.example.com/">link</a>.
</iframe>
</syntaxhighlight>
One main difference to the above redirect methods is that for a frame redirect, the browser displays the URL of the frame document and not the URL of the target page in the URL bar. This ''cloaking'' technique may be used so that the reader sees a more memorable URL or to fraudulently conceal a [[phishing]] site as part of [[website spoofing]].<ref name="G9pV6" />
Before HTML5,<ref name="zW4Ol" /> the same effect could be done with an [[Framing (World Wide Web)|HTML frame]] that contains the target page:
<syntaxhighlight lang="html4strict">
<frameset rows="100%">
<frame src="http://www.example.com/">
<noframes>
<body>Please follow <a href="http://www.example.com/">link</a>.</body>
</noframes>
</frameset>
</syntaxhighlight>
=== Redirect chains ===
One redirect may lead to another. For example, the URL "http://wikipedia.com" (with "*.com" as domain) is first redirected to https://www.wikipedia.org/ (with domain name in [[.org]]), where you can navigate to the [https://en.wikipedia.org/ language-specific site]. This is unavoidable if the different links in the chain are served by different servers though it should be minimised by ''[[rewriting]]'' the URL as much as possible on the server before returning it to the browser as a redirect.
Wikipedia has been redirecting its pages to HTTPS by default since 2015.<ref name="wszci" />
=== Redirect loops ===
Sometimes a mistake can cause a page to end up redirecting back to itself, possibly via other pages, leading to an infinite sequence of redirects. Browsers should stop redirecting after a certain number of hops and display an error message.
The HTTP/1.1 Standard states:<ref name="rfc7231sec6.4" />
<blockquote>
A client ''SHOULD'' detect and intervene in cyclical redirections (i.e., "infinite" redirection loops).
Note: An earlier version of this specification recommended a maximum of five redirections ([RFC 2068], Section 10.3). Content developers need to be aware that some clients might implement such a fixed limitation.
</blockquote>
Note that the URLs in the sequence might not repeat, e.g.: http://www.example.com/1{{Dead link|date=September 2019 |bot=InternetArchiveBot |fix-attempted=yes }} -> http://www.example.com/2{{Dead link|date=September 2019 |bot=InternetArchiveBot |fix-attempted=yes }} -> http://www.example.com/3{{Dead link|date=September 2019 |bot=InternetArchiveBot |fix-attempted=yes }} ...
== Services ==
There exist services that can perform URL redirection on demand, with no need for technical work or access to the web server your site is hosted on.
=== URL redirection services ===
A '''redirect service''' is an information management system, which provides an internet link that redirects users to the desired content. The typical benefit to the user is the use of a memorable domain name, and a reduction in the length of the URL or web address. A redirecting link can also be used as a permanent address for content that frequently changes hosts, similarly to the [[Domain Name System]]. Hyperlinks involving URL redirection services are frequently used in spam messages directed at blogs and wikis. Thus, one way to reduce spam is to reject all edits and comments containing hyperlinks to known URL redirection services; however, this will also remove legitimate edits and comments and may not be an effective method to reduce spam.
Recently, URL redirection services have taken to using [[AJAX]] as an efficient, user friendly method for creating shortened URLs. A major drawback of some URL redirection services is the use of delay pages, or frame based advertising, to generate revenue.
==== History ====
The first redirect services took advantage of [[top-level domains]] (TLD) such as "[[.to]]" (Tonga), "[[.at]]" (Austria) and "[[.is]]" (Iceland). Their goal was to make memorable URLs. The first mainstream redirect service was V3.com that boasted 4 million users at its peak in 2000. V3.com success was attributed to having a wide variety of short memorable domains including "r.im", "go.to", "i.am", "come.to" and "start.at". V3.com was acquired by FortuneCity.com, a large free web hosting company, in early 1999.<ref name="2Died" /> As the sales price of top level domains started falling from $70.00 per year to less than $10.00, use of redirection services declined. With the launch of [[TinyURL]] in 2002 a new kind of redirecting service was born, namely [[URL shortening]]. Their goal was to make long URLs short, to be able to post them on internet forums. Since 2006, with the 140 character limit on the extremely popular [[Twitter]] service, these short URL services have been heavily used.
=== Referrer masking ===
Redirection services can hide the [[referrer]] by placing an intermediate page between the page the link is on and its destination. Although these are conceptually similar to other URL redirection services, they serve a different purpose, and they rarely attempt to shorten or obfuscate the destination URL (as their only intended side-effect is to hide referrer information and provide a clear gateway between other websites.) This type of redirection is often used to prevent potentially-malicious links from gaining information using the referrer, for example a [[session ID]] in the query string. Many large community websites use link redirection on external links to lessen the chance of an exploit that could be used to steal account information, as well as make it clear when a user is leaving a service, to lessen the chance of effective [[phishing]] .
Here is a simplistic example of such a service, written in [[PHP]].
<syntaxhighlight lang="html+php">
<?php
$url = htmlspecialchars($_GET['url']);
header('Refresh: 0; url=https://' . $url);
?>
<!-- Fallback using meta refresh. -->
<html>
<head>
<title>Redirecting...</title>
<meta http-equiv="refresh" content="0;url=https://<?= $url; ?>">
</head>
<body>
Attempting to redirect to <a href="https://<?= $url; ?>">https://<?= $url; ?></a>.
</body>
</html>
</syntaxhighlight>
The above example does not check who called it (e.g. by referrer, although that could be spoofed). Also, it does not check the URL provided. This means that a malicious person could link to the redirection page using a URL parameter of his/her own selection, from any page, which uses the web server's resources.
==Security issues==
URL redirection can be abused by attackers for [[phishing]] attacks, such as [[Open Redirect|open redirect]] and [[Covert Redirect|covert redirect]]. "An open redirect is an application that takes a parameter and redirects a user to the parameter value without any validation."<ref name="Open_Redirect" /> "Covert redirect is an application that takes a parameter and redirects a user to the parameter value WITHOUT SUFFICIENT validation."<ref name="Covert_Redirect" /> It was disclosed in May 2014 by a mathematical doctoral student Wang Jing from Nanyang Technological University, Singapore.<ref name="CNET" />
==See also==
* [[Canonical link element]]
* [[Canonical meta tag]]
* [[Domain masking]]
* [[Link rot]]
* [[Semantic URL]]
* [[URL normalization]]
==References==
{{reflist|refs=
<ref name="NtrEdf">{{cite journal | title = Google revives redirect snoopery | journal = Blog.anta.net | date = 29 January 2009 | url = http://blog.anta.net/2009/01/29/509/ | issn = 1797-1993 | archive-url=https://web.archive.org/web/20110817024348/http://blog.anta.net/2009/01/29/509/ | archive-date=17 August 2011}}</ref>
<ref name="php-301-robust-solution">{{cite web|url=http://www.websitefactors.co.uk/php/2011/05/php-redirects-302-to-301-rock-solid-solution/ |title=PHP Redirects: 302 to 301 Rock Solid Robust Solution |publisher=WebSiteFactors.co.uk |archive-url=https://web.archive.org/web/20121012042703/http://www.websitefactors.co.uk/php/2011/05/php-redirects-302-to-301-rock-solid-solution |archive-date=12 October 2012}}</ref>
<ref name="rfc7231sec6.4">{{cite IETF | title = Hypertext Transfer Protocol (HTTP/1.1): Semantics and Content | rfc = 7231 | section = 6.4 | sectionname = Redirection 3xx | page = 54 | editor1 = Roy T. Fielding | editor1-link = Roy Fielding | editor2 = Julian F. Reschke | year = 2014 | publisher = [[Internet Engineering Task Force|IETF]]}}</ref>
<ref name="Open_Redirect">{{cite web | url=https://www.owasp.org/index.php/Open_redirect | title=Open Redirect |publisher= OWASP |date=16 March 2014 | access-date=21 December 2014}}</ref>
<ref name="Covert_Redirect">{{cite web | url=http://tetraph.com/covert_redirect/ | title=Covert Redirect |publisher= Tetraph |date=1 May 2014 | access-date=21 December 2014}}</ref>
<ref name="CNET">{{cite web | url=https://www.cnet.com/news/serious-security-flaw-in-oauth-and-openid-discovered/ | title=Serious security flaw in OAuth, OpenID discovered |publisher= CNET |date=2 May 2014 | access-date=21 December 2014}}</ref>
<ref name="KFihp">{{Cite web |url=https://audisto.com/insights/guides/31/ |title=Redirects & SEO - The Total Guide |access-date=29 November 2015 |publisher=Audisto}}</ref>
<ref name="NAY3X">{{cite web|url=https://www.mattcutts.com/blog/seo-advice-discussing-302-redirects/ |title=SEO advice: discussing 302 redirects |date=4 January 2006 |publisher=Matt Cutts, former Head of Google Webspam Team}}</ref>
<ref name="vMaE1">{{cite web|url=https://support.google.com/webmasters/answer/2721217?hl=en |title=Sneaky Redirects |date=3 December 2015 |publisher=Google Webmaster Guidelines}}</ref>
<ref name="XP9Dh">{{cite web|url=https://www.owasp.org/index.php/Unvalidated_Redirects_and_Forwards_Cheat_Sheet |title=Unvalidated Redirects and Forwards Cheat Sheet |date=21 August 2014 |publisher=Open Web Application Security Project (OWASP)}}</ref>
<ref name="G1Lfc">{{Cite web |url=https://audisto.com/insights/guides/31/ |title=Redirects & SEO - The Complete Guide |access-date=29 November 2015 |publisher=Audisto}}</ref>
<ref name="venDA">{{cite IETF | title = Hypertext Transfer Protocol (HTTP/1.1): Semantics and Content | rfc = 7231 | section = 7.1.2 | sectionname = Location | page = 68 | editor1 = Roy T. Fielding | editor2 = Julian F. Reschke | year = 2014 | publisher = [[Internet Engineering Task Force|IETF]]}}</ref>
<ref name="3Y1IG">{{cite IETF | title = Uniform Resource Identifier (URI): Generic Syntax | rfc = 3986 | section = 5 | sectionname = Reference Resolution | page = 28 | first1 = Tim | last1 = Berners-Lee | author1-link = Tim Berners-Lee | first2 = Roy T. | last2 = Fielding | author2-link = Roy Fielding | first3 = Larry | last3 = Masinter | year = 2005 | publisher = [[Internet Engineering Task Force|IETF]]}}</ref>
<ref name="T6lN6">{{cite web|url=http://nginx.org/r/rewrite |title=Module ngx_http_rewrite_module - rewrite |publisher=nginx.org |access-date=24 December 2014}}</ref>
<ref name="ltnoQ">{{cite mailing list |date=18 February 2013 |url=http://mailman.nginx.org/pipermail/nginx/2013-February/037592.html |mailing-list=nginx@nginx.org |title=A dynamic web-site written wholly in nginx.conf? Introducing mdoc.su! |first=Constantine A. |last=Murenin |access-date=24 December 2014}}</ref>
<ref name="sjHzb">{{cite web |url=http://mdoc.su/ |title=mdoc.su – Short manual page URLs for FreeBSD, OpenBSD, NetBSD and DragonFly BSD |first=Constantine A. |last=Murenin |date=23 February 2013 |access-date=25 December 2014}}</ref>
<ref name="y0ZUF">{{cite web |url=http://nginx.conf.mdoc.su/mdoc.su.nginx.conf |title=mdoc.su.nginx.conf |first=Constantine A. |last=Murenin |date=23 February 2013 |access-date=25 December 2014}}</ref>
<ref name="iFTFs">{{cite web|url=https://www.w3schools.com/tags/tag_meta.asp|title=HTML meta tag|website=www.w3schools.com}}</ref>
<ref name="BEKGZ">{{cite web|url=http://wp.netscape.com/assist/net_sites/pushpull.html|title=An Exploration of Dynamic Documents|date=2 August 2002|url-status=bot: unknown|archive-url=https://web.archive.org/web/20020802170847/http://wp.netscape.com/assist/net_sites/pushpull.html|archive-date=2 August 2002|df=dmy-all}}</ref>
<ref name="DOOOW">[http://sebastians-pamphlets.com/google-and-yahoo-treat-undelayed-meta-refresh-as-301-redirect/ "Google and Yahoo accept undelayed meta refreshs as 301 redirects"]. Sebastian's Pamphlets. 3 September 2007.</ref>
<ref name="DO1Os">{{cite web|url=http://www.w3.org/TR/WAI-WEBCONTENT/#tech-no-periodic-refresh|title=Web Content Accessibility Guidelines 1.0|website=www.w3.org}}</ref>
<ref name="sEvbk">{{cite web|url=http://www.w3.org/QA/Tips/reback|title=Use standard redirects|first=the QA|last=Team|website=www.w3.org}}</ref>
<ref name="V6sLN">{{cite web|url=http://www.w3.org/TR/WCAG10-CORE-TECHS/#auto-page-refresh|title=Core Techniques for Web Content Accessibility Guidelines 1.0|website=www.w3.org}}</ref>
<ref name="knBmq">{{cite web|url=http://insider.zone/tools/client-side-url-redirect-generator/|title=Cross-browser client side URL redirect generator|publisher=Insider Zone}}</ref>
<ref name="G9pV6">Aaron Emigh (19 January 2005). [http://www.sfbay-infragard.org/Documents/phishing-sfectf-report.pdf "Anti-Phishing Technology"] {{Webarchive|url=https://web.archive.org/web/20070927171420/http://www.sfbay-infragard.org/Documents/phishing-sfectf-report.pdf |date=27 September 2007}} (PDF). Radix Labs.</ref>
<ref name="zW4Ol">{{cite web|url=https://www.w3.org/TR/html5/obsolete.html|title=HTML 5.2: 11. Obsolete features|website=www.w3.org}}</ref>
<ref name="wszci">[https://venturebeat.com/2015/06/12/wikipedia-to-start-using-secure-https-by-default-for-all-users/ Wikipedia to start using secure HTTPS by default for all users] VentureBeat article, 12 June 2015</ref>
<ref name="2Died">{{cite news | url=http://news.bbc.co.uk/2/hi/technology/6991719.stm | work=BBC News | title=Net gains for tiny Pacific nation | date=14 September 2007 | access-date=27 May 2010 | url-status=dead | archive-url=https://web.archive.org/web/20140512232450/http://news.bbc.co.uk/2/hi/technology/6991719.stm | archive-date=12 May 2014 | df=dmy-all}}</ref>
}}
==External links==
* [https://httpd.apache.org/docs/2.4/en/urlmapping.html Mapping URLs to Filesystem Locations - Apache HTTP Server Version 2.4]
* [http://www2007.org/workshops/paper_115.pdf Taxonomy of JavaScript Redirection Spam] (Microsoft Live Labs)
* [http://projects.webappsec.org/URL-Redirector-Abuse Security vulnerabilities in URL Redirectors] The Web Application Security Consortium Threat Classification
{{Spamming}}
{{DEFAULTSORT:Url Redirection}}
[[Category:URL]]
[[Category:Black hat search engine optimization]]
[[Category:Internet search]]
[[Category:Internet terminology]]' |
Unified diff of changes made by edit (edit_diff) | '@@ -17,7 +17,4 @@
<!-- Do NOT give any examples of misspelled domain names. "examlpe.com" currently leads to a site that tries to load malware on your computer. -->
A user might mistype a URL. Organizations often register these "misspelled" domains and redirect them to the "correct" location. This technique is often used to "reserve" other [[top-level domain]]s (TLD) with the same name, or make it easier for a ".edu" or ".net" site to accommodate users who type ".com".
-
-=== Logging outgoing links ===
-The access logs of most web servers keep detailed information about where visitors came from and how they browsed the hosted site. They do not, however, log which links visitors left by. This is because the visitor's browser has no need to communicate with the original server when the visitor clicks on an outgoing link. This information can be captured in several ways. One way involves URL redirection. Instead of sending the visitor straight to the other site, links on the site can direct to a URL on the original website's domain that automatically redirects to the real target. This technique bears the downside of the delay caused by the additional request to the original website's server. As this added request will leave a trace in the server log, revealing exactly which link was followed, it can also be a privacy issue.<ref name="NtrEdf" /> The same technique is also used by some corporate websites to implement a statement that the subsequent content is at another site, and therefore not necessarily affiliated with the corporation. In such scenarios, displaying the warning causes an additional delay.
=== Short aliases for long URLs ===
' |
New page size (new_size) | 32753 |
Old page size (old_size) | 33909 |
Size change in edit (edit_delta) | -1156 |
Lines added in edit (added_lines) | [] |
Lines removed in edit (removed_lines) | [
0 => '',
1 => '=== Logging outgoing links ===',
2 => 'The access logs of most web servers keep detailed information about where visitors came from and how they browsed the hosted site. They do not, however, log which links visitors left by. This is because the visitor's browser has no need to communicate with the original server when the visitor clicks on an outgoing link. This information can be captured in several ways. One way involves URL redirection. Instead of sending the visitor straight to the other site, links on the site can direct to a URL on the original website's domain that automatically redirects to the real target. This technique bears the downside of the delay caused by the additional request to the original website's server. As this added request will leave a trace in the server log, revealing exactly which link was followed, it can also be a privacy issue.<ref name="NtrEdf" /> The same technique is also used by some corporate websites to implement a statement that the subsequent content is at another site, and therefore not necessarily affiliated with the corporation. In such scenarios, displaying the warning causes an additional delay.'
] |
All external links added in the edit (added_links) | [] |
All external links removed in the edit (removed_links) | [] |
All external links in the new text (all_links) | [
0 => 'https://web.archive.org/web/20110817024348/http://blog.anta.net/2009/01/29/509/',
1 => '//www.worldcat.org/issn/1797-1993',
2 => 'http://blog.anta.net/2009/01/29/509/',
3 => 'https://audisto.com/insights/guides/31/',
4 => 'https://www.mattcutts.com/blog/seo-advice-discussing-302-redirects/',
5 => 'https://support.google.com/webmasters/answer/2721217?hl=en',
6 => 'https://www.owasp.org/index.php/Unvalidated_Redirects_and_Forwards_Cheat_Sheet',
7 => 'https://web.archive.org/web/20121012042703/http://www.websitefactors.co.uk/php/2011/05/php-redirects-302-to-301-rock-solid-solution',
8 => 'http://www.websitefactors.co.uk/php/2011/05/php-redirects-302-to-301-rock-solid-solution/',
9 => 'https://tools.ietf.org/html/rfc7231#section-7.1.2',
10 => 'https://tools.ietf.org/html/rfc7231',
11 => '//doi.org/10.17487%2FRFC7231',
12 => 'https://tools.ietf.org/html/rfc3986#section-5',
13 => 'https://tools.ietf.org/html/rfc3986',
14 => '//doi.org/10.17487%2FRFC3986',
15 => 'http://nginx.org/r/rewrite',
16 => 'http://mailman.nginx.org/pipermail/nginx/2013-February/037592.html',
17 => 'http://mdoc.su/',
18 => 'http://nginx.conf.mdoc.su/mdoc.su.nginx.conf',
19 => 'https://www.w3schools.com/tags/tag_meta.asp',
20 => 'https://web.archive.org/web/20020802170847/http://wp.netscape.com/assist/net_sites/pushpull.html',
21 => 'http://sebastians-pamphlets.com/google-and-yahoo-treat-undelayed-meta-refresh-as-301-redirect/',
22 => 'http://www.w3.org/TR/WAI-WEBCONTENT/#tech-no-periodic-refresh',
23 => 'http://www.w3.org/QA/Tips/reback',
24 => 'http://www.w3.org/TR/WCAG10-CORE-TECHS/#auto-page-refresh',
25 => 'http://insider.zone/tools/client-side-url-redirect-generator/',
26 => 'http://www.sfbay-infragard.org/Documents/phishing-sfectf-report.pdf',
27 => 'https://web.archive.org/web/20070927171420/http://www.sfbay-infragard.org/Documents/phishing-sfectf-report.pdf',
28 => 'https://www.w3.org/TR/html5/obsolete.html',
29 => 'https://venturebeat.com/2015/06/12/wikipedia-to-start-using-secure-https-by-default-for-all-users/',
30 => 'https://tools.ietf.org/html/rfc7231#section-6.4',
31 => 'https://web.archive.org/web/20140512232450/http://news.bbc.co.uk/2/hi/technology/6991719.stm',
32 => 'http://news.bbc.co.uk/2/hi/technology/6991719.stm',
33 => 'https://www.owasp.org/index.php/Open_redirect',
34 => 'http://tetraph.com/covert_redirect/',
35 => 'https://www.cnet.com/news/serious-security-flaw-in-oauth-and-openid-discovered/',
36 => 'http://www.wikipedia.com',
37 => 'http://www.wikipedia.net',
38 => 'http://www.wikipedia.org',
39 => 'https://www.dragonflybsd.org/cgi/web-man?command=HAMMER§ion=5',
40 => 'http://www.w3.org/TR/WAI-WEBCONTENT/#gl-movement',
41 => 'https://httpd.apache.org/docs/2.4/en/urlmapping.html',
42 => 'http://www2007.org/workshops/paper_115.pdf',
43 => 'http://projects.webappsec.org/URL-Redirector-Abuse',
44 => 'http://wikipedia.com',
45 => 'https://www.wikipedia.org/',
46 => 'http://www.example.com/1',
47 => 'http://www.example.com/2',
48 => 'http://www.example.com/3'
] |
Links in the page, before the edit (old_links) | [
0 => '//doi.org/10.17487%2FRFC3986',
1 => '//doi.org/10.17487%2FRFC3986',
2 => '//doi.org/10.17487%2FRFC7231',
3 => '//doi.org/10.17487%2FRFC7231',
4 => '//www.worldcat.org/issn/1797-1993',
5 => '//www.worldcat.org/issn/1797-1993',
6 => 'http://blog.anta.net/2009/01/29/509/',
7 => 'http://insider.zone/tools/client-side-url-redirect-generator/',
8 => 'http://mailman.nginx.org/pipermail/nginx/2013-February/037592.html',
9 => 'http://mdoc.su/',
10 => 'http://news.bbc.co.uk/2/hi/technology/6991719.stm',
11 => 'http://nginx.conf.mdoc.su/mdoc.su.nginx.conf',
12 => 'http://nginx.org/r/rewrite',
13 => 'http://projects.webappsec.org/URL-Redirector-Abuse',
14 => 'http://sebastians-pamphlets.com/google-and-yahoo-treat-undelayed-meta-refresh-as-301-redirect/',
15 => 'http://tetraph.com/covert_redirect/',
16 => 'http://wikipedia.com',
17 => 'http://www.example.com/1',
18 => 'http://www.example.com/2',
19 => 'http://www.example.com/3',
20 => 'http://www.sfbay-infragard.org/Documents/phishing-sfectf-report.pdf',
21 => 'http://www.w3.org/QA/Tips/reback',
22 => 'http://www.w3.org/TR/WAI-WEBCONTENT/#gl-movement',
23 => 'http://www.w3.org/TR/WAI-WEBCONTENT/#tech-no-periodic-refresh',
24 => 'http://www.w3.org/TR/WCAG10-CORE-TECHS/#auto-page-refresh',
25 => 'http://www.websitefactors.co.uk/php/2011/05/php-redirects-302-to-301-rock-solid-solution/',
26 => 'http://www.wikipedia.com',
27 => 'http://www.wikipedia.net',
28 => 'http://www.wikipedia.org',
29 => 'http://www2007.org/workshops/paper_115.pdf',
30 => 'https://audisto.com/insights/guides/31/',
31 => 'https://httpd.apache.org/docs/2.4/en/urlmapping.html',
32 => 'https://support.google.com/webmasters/answer/2721217?hl=en',
33 => 'https://tools.ietf.org/html/rfc3986',
34 => 'https://tools.ietf.org/html/rfc3986#section-5',
35 => 'https://tools.ietf.org/html/rfc7231',
36 => 'https://tools.ietf.org/html/rfc7231#section-7.1.2',
37 => 'https://tools.ietf.org/html/rfc7231#section-6.4',
38 => 'https://venturebeat.com/2015/06/12/wikipedia-to-start-using-secure-https-by-default-for-all-users/',
39 => 'https://web.archive.org/web/20020802170847/http://wp.netscape.com/assist/net_sites/pushpull.html',
40 => 'https://web.archive.org/web/20070927171420/http://www.sfbay-infragard.org/Documents/phishing-sfectf-report.pdf',
41 => 'https://web.archive.org/web/20110817024348/http://blog.anta.net/2009/01/29/509/',
42 => 'https://web.archive.org/web/20121012042703/http://www.websitefactors.co.uk/php/2011/05/php-redirects-302-to-301-rock-solid-solution',
43 => 'https://web.archive.org/web/20140512232450/http://news.bbc.co.uk/2/hi/technology/6991719.stm',
44 => 'https://www.cnet.com/news/serious-security-flaw-in-oauth-and-openid-discovered/',
45 => 'https://www.dragonflybsd.org/cgi/web-man?command=HAMMER§ion=5',
46 => 'https://www.mattcutts.com/blog/seo-advice-discussing-302-redirects/',
47 => 'https://www.owasp.org/index.php/Open_redirect',
48 => 'https://www.owasp.org/index.php/Unvalidated_Redirects_and_Forwards_Cheat_Sheet',
49 => 'https://www.w3.org/TR/html5/obsolete.html',
50 => 'https://www.w3schools.com/tags/tag_meta.asp',
51 => 'https://www.wikipedia.org/'
] |
Whether or not the change was made through a Tor exit node (tor_exit_node) | false |
Unix timestamp of change (timestamp) | 1632354586 |