1. HTTP Redirects Overview
When you visit a URL and are automatically sent to a different URL, that is a redirect. Redirects are a fundamental part of how the web works — they are used for URL shortening, website migrations, canonical URL enforcement, HTTPS upgrades, and many other purposes. Understanding the different redirect types matters both for SEO (different types pass link equity differently) and for security (different types have different evasion capabilities).
HTTP redirects are delivered through response status codes in the 3xx range. The server returns this status code along with a Location header containing the destination URL. The browser or tool following the redirect then makes a new request to the destination URL. URL expanders like URLExpander.org intercept this process to reveal the full chain without your browser ever reaching the final destination.
Beyond HTTP-level redirects, destinations can also be reached through HTML-level mechanisms (meta-refresh) and JavaScript-level mechanisms (window.location). These behave differently from HTTP redirects and require different detection methods — which is precisely why many basic URL expanders fail on services like shorturl.at that use JavaScript redirects.
2. HTTP 301 — Moved Permanently
A 301 Moved Permanently redirect tells browsers and search engine crawlers that a resource has permanently relocated to a new URL. This is the most common redirect type used by URL shorteners including bit.ly (premium), Rebrandly, and wp.me.
From an SEO perspective, 301 redirects pass the majority of link equity (PageRank) from the source URL to the destination — Google estimates approximately 90-99% of link equity is transferred through a properly implemented 301. Search engines update their index to reflect the destination URL after crawling a 301, effectively consolidating the link's value at the destination.
From a caching perspective, browsers may cache 301 redirects indefinitely by default. This means that once a user's browser has followed a 301, subsequent visits to the short URL may load from the browser's cache without contacting the server — a consideration for URL shorteners that need to change destinations after distribution.
In our redirect chain visualization, 301 hops are shown with a blue badge. A chain consisting entirely of 301 redirects is the most SEO-friendly configuration, though each additional hop still represents a small delay and marginal link equity loss.
3. HTTP 302 — Found (Temporary Redirect)
A 302 Found redirect indicates a temporary move — the resource will return to the original URL in the future. Free URL shortener services, A/B testing setups, and campaign tracking systems commonly use 302 redirects. T.co (Twitter), some free bit.ly links, and many affiliate tracking systems use 302.
Search engines do not pass link equity through 302 redirects and do not update their index to reflect the destination URL — they continue to index the original (source) URL, treating the redirect as temporary. For SEO purposes, a 302 where a 301 is intended is a critical technical mistake that can silently destroy link building value.
From a security perspective, 302 redirects are particularly relevant because they are more commonly used by systems that dynamically route traffic — which means the destination can change without any indication to the user. A link that previously pointed to a legitimate destination could be changed to a malicious one without the short URL itself changing. Our expander always follows the live redirect chain rather than caching previous results.
4. HTTP 307 & 308 — Modern Variants
307 Temporary Redirect is the HTTP/1.1 successor to 302, with an important distinction: it explicitly preserves the HTTP method of the original request. A POST request to a 307 URL will POST to the destination, while a 302 implementation may change it to a GET. In practice, URL shorteners rarely use 307 since users are almost always making GET requests.
308 Permanent Redirect is the HTTP/1.1 successor to 301, with the same method-preservation behaviour. Like 301, 308 passes link equity and triggers search engine index updates. Browser support for 308 is universal in modern browsers. Some newer link management systems are beginning to adopt 308 for campaigns where maintaining POST semantics matters.
URLExpander.org detects and displays all 3xx redirect types in the chain visualization, showing the exact numeric status code for each hop so you can identify precisely which redirect type each service in a chain is using.
5. Meta-Refresh HTML Redirects
A meta-refresh redirect is implemented in HTML rather than HTTP headers, using a <meta> tag in the page's <head> section. The syntax is:
<meta http-equiv="refresh" content="0; url=https://destination.com/">
The number before the semicolon is the delay in seconds before the redirect fires. A value of 0 means immediate redirect. Meta-refresh is used by some URL shorteners (including some configurations of shorturl.at and older services) as an alternative to HTTP Location headers, sometimes because it provides more control over the user experience or because the hosting environment doesn't easily support custom HTTP headers.
Meta-refresh redirects are problematic for several reasons. Search engines treat them inconsistently — Google sometimes passes link equity through them, sometimes not. They also cannot be detected by tools that only examine HTTP headers and do not parse the HTML body of the response. Our engine downloads the HTML body and parses it specifically to detect meta-refresh patterns.
6. JavaScript Redirects
JavaScript redirects use client-side scripting to navigate the browser to a new URL. Common patterns include:
window.location.href = "https://destination.com/";
window.location.replace("https://destination.com/");
document.location = "https://destination.com/";
Services like shorturl.at use JavaScript redirects because they allow for more complex routing logic — conditional redirects based on device type, geographic location, or time of day — that HTTP headers cannot support alone. JavaScript redirects are also used in some affiliate tracking setups and A/B testing frameworks.
JavaScript redirects are entirely invisible to tools that only follow HTTP headers or only check HTTP status codes. This is why many URL expanders (and many security tools) cannot handle shorturl.at and similar services. URLExpander.org fetches the page body and applies multiple regex patterns to detect all common JavaScript redirect implementations, providing coverage that most alternative tools miss.
From an SEO perspective, search engines do not reliably follow JavaScript redirects and generally do not pass link equity through them. If you are managing redirect infrastructure for SEO purposes, JavaScript redirects should be replaced with proper HTTP 301 redirects wherever possible.
7. Redirect Type Comparison
| Type | Level | SEO Equity | Cacheable | Browser Support | Detectable by Basic Expanders |
|---|---|---|---|---|---|
301 | HTTP | ~99% passed | Yes (indefinite) | Universal | Yes |
302 | HTTP | Not passed | No | Universal | Yes |
307 | HTTP | Unclear | No | Modern browsers | Yes |
308 | HTTP | ~99% passed | Yes | Modern browsers | Yes |
| Meta-Refresh | HTML | Inconsistent | No | Universal | Often No |
| JS Redirect | JavaScript | Not passed | No | Requires JS | Rarely |
8. SEO Impact of Redirect Chains
Every redirect hop in a chain introduces a small amount of link equity loss and a small latency penalty. While Google has stated that properly implemented 301 redirect chains pass approximately the same link equity as a single 301, empirical SEO testing consistently shows measurable loss in longer chains. The practical recommendation from SEO professionals is to keep redirect chains to a maximum of 2-3 hops for any URL that carries meaningful link equity.
For URL shorteners used in link building campaigns, the redirect path matters significantly. A link that travels through: affiliate network → URL shortener → destination passes through two redirects before reaching the page you want to rank. If the affiliate network uses 302 and the shortener uses 301, the effective link equity at the destination may be substantially reduced compared to a direct link.
URLExpander.org's redirect chain visualization lets you audit exactly how many hops and which redirect types exist in any link chain, enabling informed decisions about redirect chain optimisation for SEO campaigns.
9. Security Implications by Redirect Type
301 redirects and browser caching: Because browsers cache 301 redirects, a user who visited a legitimate destination via a 301 short URL will be served the cached destination if the short URL's destination is later changed to a malicious page — until the browser cache is cleared. This is a nuanced risk in shared/enterprise environments.
302 redirects and dynamic routing: The temporary nature of 302 means destinations can change without notice. Attackers who compromise a URL shortener's database or infrastructure can silently reroute 302-based short links to malicious destinations. Users who trusted a 302 short URL previously have no way to know the destination has changed without re-expanding it.
JavaScript redirects and security tools: Because most email security gateways and URL reputation checkers only follow HTTP redirects, JavaScript-redirect-based shorteners effectively bypass automated link scanning. A malicious link distributed via a JavaScript-redirect shortener may appear clean to enterprise email security but be dangerous in practice.
Meta-refresh and social engineering: Meta-refresh redirects with a non-zero delay (e.g., content="3; url=...") can display a brief legitimate-looking page before redirecting to a malicious destination — a technique used to make the link appear legitimate in link previews and security scans that only check the initial page.
10. How URLExpander.org Detects All Redirect Types
Our v3 expansion engine was specifically engineered to handle every redirect type documented above. For HTTP redirects (301, 302, 307, 308), we follow the Location response header. For meta-refresh, we download the page body and use pattern matching to find <meta http-equiv="refresh"> tags regardless of attribute ordering. For JavaScript redirects, we scan the page body for all common window.location, window.location.href, window.location.replace, and document.location assignment patterns.
We also use a cookie jar to handle services that set cookies during the redirect process (some shorteners use session cookies to control redirect flow), and we send realistic browser headers to avoid bot detection that could return false results. This combination makes URLExpander.org one of the most comprehensive URL expanders available — and explains why services like shorturl.at, which previously failed, now work correctly.
Related: URL Security Guide · URL Expander — Expand Any Short Link · Tools for Cybersecurity Analysts