Open redirect

URL that can be used to redirect to an arbitrary second URL.

An open redirect is a URL that redirects to a second URL which is read from the first URL's query string and which can be modified to make the redirect go to an arbitrary website.

For example, the server at example.com could be configured so that any URL of the form www.example.com/redirect?url=secondwebsite.com redirects the browser to secondwebsite.com, no matter what that site is: this would be an open redirect.

Open redirects are popular among webmasters for monitoring the links users click on: before the user is redirected, their 'click' is registered in a database. However, open redirects have become popular among spammers too, who send emails containing links through open redirects on reputable sites, thereby circumventing spam filters that blacklist certain URLs. Popular websites such as Google and LinkedIn are known to use or have used open redirects.

Although an open redirect does not harm the site itself, webmasters should avoid using them because they help spammers, can cause increased and unwanted traffic to the site, and could eventually lead to the site itself being blacklisted. Clicks can still be monitored safely, for example by only allowing redirects to certain pre-approved URLs, or by using numbers that correspond to entries in a database of links instead of passing raw URLs.
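The two safe alternatives just described, as an added example in Python (not code from the original page): a redirect handler that only honours local paths or an allow-list of hosts, and a lookup that resolves a numeric link id from a server-side table. The allow-list, the link table and the host names are constructed for illustration.

```python
from urllib.parse import urlsplit, urlunsplit

# Hosts this site is willing to redirect to (constructed allow-list).
ALLOWED_HOSTS = {"www.example.com", "example.com", "partner.example.org"}

# Link registry keyed by id: the target is chosen server-side, so the
# person crafting the link cannot pick the destination (constructed data).
LINK_TABLE = {
    1: "https://www.example.com/downloads",
    2: "https://partner.example.org/promo",
}


def safe_redirect_target(raw: str, default: str = "/") -> str:
    """Return `raw` only if it is a same-site path or points at an allowed
    host; otherwise fall back to `default`."""
    if not raw:
        return default
    # Browsers ignore tabs/newlines inside URLs and treat backslashes as
    # slashes, so normalise the same way before parsing.
    candidate = "".join(ch for ch in raw.strip() if ch not in "\t\r\n")
    candidate = candidate.replace("\\", "/")
    parts = urlsplit(candidate)
    if parts.scheme not in ("", "http", "https"):
        return default            # e.g. javascript: or data: URLs
    if not parts.netloc:
        # A bare path is local, but "//host" (scheme-relative) and "///host"
        # both resolve to another site in browsers, so reject those too.
        if not candidate.startswith("/") or candidate.startswith("//"):
            return default
        return candidate
    # netloc may carry userinfo ("www.example.com@evil.example");
    # .hostname yields the real, lower-cased host without it.
    host = parts.hostname or ""
    if host not in ALLOWED_HOSTS:
        return default
    # Rebuild the URL from the validated parts, dropping userinfo and port.
    return urlunsplit(("https", host, parts.path or "/", parts.query, parts.fragment))


def redirect_by_id(link_id: str, default: str = "/") -> str:
    """Resolve a numeric link id to the URL stored server-side."""
    try:
        return LINK_TABLE[int(link_id)]
    except (ValueError, KeyError):
        return default
```

A handler using these would still log the click before issuing the redirect; the difference is that the destination is now either validated or not user-controlled at all.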

Related news articles

Spammers turn to DoubleClick for open redirect

Loophole in Google's AdSense solved, but new flaw quickly uncovered.

03 June 2008

Virus Bulletin