Open Redirect

Security Glossary - Web Security

Definition: An open redirect vulnerability exists when a web application accepts a URL as a parameter and redirects the user to it without validating the destination. Attackers exploit this by crafting URLs that appear to link to a trusted domain but redirect to a malicious site, making phishing attacks more convincing.

Why You Should Care About Open Redirect

Open redirects make phishing attacks more effective because the initial URL is on a trusted domain. A link like trusted-bank.com/redirect?url=evil-site.com looks legitimate at first glance. Users and email filters that check the domain see the trusted bank's domain, lowering their guard.

While open redirects alone do not directly compromise the vulnerable site, they are a trust amplifier for phishing attacks. They also appear in OAuth flows where the redirect_uri parameter, if not validated, can leak authorization codes or tokens to attacker-controlled servers.

Prevention involves validating all redirect destinations against a whitelist of allowed URLs or domains. Only allow redirects to paths on your own domain (relative URLs) or to explicitly approved external domains. Never use user-supplied URLs directly in redirect responses.

How to Verify

A security audit checks for common redirect parameters in your application. Test by substituting redirect URLs with external domains to see if the application follows them. Application security scanners also check for open redirect vulnerabilities.
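The verification step above amounts to checking whether a redirect response ever sends the browser off your own host. The following Python is an added example (not DomainOptic's scanner and not code from the original entry) that runs that check over a constructed sample of recorded request/response pairs, such as a proxy or test harness might capture; the hostnames `app.example.com` and `attacker.example` are stand-ins. It resolves the `Location` header the way a browser would, so scheme-relative values like `//attacker.example` are classified as off-site rather than as local paths.

```python
from urllib.parse import urljoin, urlsplit

# Constructed sample of (request URL, HTTP status, Location header) triples,
# as an audit tool or proxy log might record them. Not real traffic.
SAMPLE_RESPONSES = [
    ("https://app.example.com/redirect?url=/dashboard", 302, "/dashboard"),
    ("https://app.example.com/redirect?url=https://app.example.com/help", 302,
     "https://app.example.com/help"),
    ("https://app.example.com/redirect?url=https://attacker.example/phish", 302,
     "https://attacker.example/phish"),
    # Scheme-relative target: a naive "starts with /" check would miss this one.
    ("https://app.example.com/redirect?url=//attacker.example", 302, "//attacker.example"),
    # The application rejected the external target, so nothing to report.
    ("https://app.example.com/redirect?url=https://attacker.example", 400, None),
]


def redirect_leaves_site(request_url: str, status: int, location) -> bool:
    """True when a 3xx response would send the browser to a host other than
    the one that was requested. The Location value is resolved against the
    request URL exactly as a browser resolves it, so relative paths stay
    on-site while '//host' values resolve to the foreign host."""
    if location is None or not 300 <= status < 400:
        return False
    requested_host = (urlsplit(request_url).hostname or "").lower()
    resolved = urljoin(request_url, location)
    target_host = urlsplit(resolved).hostname
    return target_host is not None and target_host.lower() != requested_host


def find_open_redirects(responses):
    """Return the request URLs whose redirect target lands on another host."""
    return [url for url, status, loc in responses
            if redirect_leaves_site(url, status, loc)]


if __name__ == "__main__":
    for finding in find_open_redirects(SAMPLE_RESPONSES):
        print("off-site redirect:", finding)
```

Only responses whose resolved target host differs from the requested host are reported, so legitimate redirects to relative paths or to the application's own absolute URLs stay out of the findings list.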


Questions and Answers

How do I fix an open redirect?
Validate the redirect URL against a whitelist of allowed destinations. For internal redirects, only allow relative URLs (starting with / and not //) rather than full URLs. For OAuth, validate redirect_uri against pre-registered values.
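The prevention rules from the section above and this answer (relative paths only, an explicit allowlist for external hosts, exact matching of OAuth `redirect_uri` against registered values) can be put in one server-side validator. The Python below is an added example, not code from the original entry or from DomainOptic; the allowlisted hosts, the registered callback URI and the `/` fallback are constructed assumptions for illustration. It goes slightly beyond the answer's "starts with / and not //" rule by also rejecting the backslash variant that browsers normalise to `//`, embedded control characters, non-HTTPS external targets and `user@host` tricks in the authority.

```python
from typing import Optional
from urllib.parse import urlsplit

# Constructed allowlist of external hosts this application may redirect to.
ALLOWED_EXTERNAL_HOSTS = {"partner.example.com", "status.example.org"}

# Constructed set of pre-registered OAuth redirect URIs for one client.
REGISTERED_REDIRECT_URIS = {"https://app.example.com/oauth/callback"}

# Where to send the user when the requested destination is rejected.
FALLBACK = "/"


def is_safe_relative_path(target: str) -> bool:
    """Accept only same-origin paths: a single leading '/', not '//host'
    and not the '/\\host' form browsers treat as scheme-relative."""
    if not target.startswith("/"):
        return False
    if len(target) > 1 and target[1] in "/\\":
        return False
    # Control characters can be used to smuggle a scheme past lenient parsers.
    if any(ord(ch) < 0x20 for ch in target):
        return False
    return True


def is_allowed_external(target: str) -> bool:
    """Accept an absolute URL only if it is HTTPS, carries no userinfo, and its
    host is exactly one of the approved external hosts (no suffix matching)."""
    parts = urlsplit(target)
    if parts.scheme != "https" or parts.hostname is None:
        return False
    # Reject https://partner.example.com@evil.example style authorities.
    if parts.username is not None or parts.password is not None:
        return False
    return parts.hostname.lower() in ALLOWED_EXTERNAL_HOSTS


def safe_redirect_target(user_supplied: Optional[str]) -> str:
    """Return the destination to use in the Location header: the supplied
    value only if it passes one of the two checks, otherwise FALLBACK."""
    if not user_supplied:
        return FALLBACK
    target = user_supplied.strip()
    if is_safe_relative_path(target) or is_allowed_external(target):
        return target
    return FALLBACK


def validate_oauth_redirect_uri(redirect_uri: str) -> bool:
    """OAuth redirect_uri must match a registered value exactly; prefix or
    pattern matching is what lets authorization codes leak."""
    return redirect_uri in REGISTERED_REDIRECT_URIS


if __name__ == "__main__":
    for candidate in ["/account", "//evil.example", "https://partner.example.com/docs",
                      "https://evil.example/login", "javascript:alert(1)"]:
        print(f"{candidate!r:45} -> {safe_redirect_target(candidate)!r}")
```

The handler should call `safe_redirect_target` on the raw parameter and put only its return value into the redirect response; the OAuth check is kept separate because there the correct behaviour on mismatch is to return an error, never to fall back to a default callback.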
Is an open redirect a serious vulnerability?
By itself, it is medium severity. It does not directly compromise your application. However, it amplifies phishing attacks by lending your domain's trust to malicious URLs. In the context of OAuth, it can lead to token theft, which is high severity.
Disclaimer: DomainOptic provides automated informational scans only. Results do not constitute professional security advice, compliance certification, or a guarantee of security. Always verify findings independently.