Open Redirect Vulnerability
An open redirect occurs when a web application redirects the user to an untrusted URL taken from a request parameter. Attackers use it for phishing (the trusted domain appears in the browser's URL bar), OAuth token theft, and bypassing URL allowlists.
Redirect State
Request URL: -
Redirect Target: -
Is Safe?: -
Attack Type: -
Prevention
Allowlist relative paths only
Token-based redirect IDs
Reject non-same-origin URLs
Block javascript: / data: URLs
Show redirect warning page
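As an added example (not code from the original page), here is the vulnerable redirect pattern described above beside a hardened version that applies several of the listed preventions: it allowlists only same-origin relative paths, rejects other origins and protocol-relative URLs, blocks javascript: and data: schemes, and offers a token-based redirect ID lookup. The application origin app.example, the token table, and all function names are assumptions constructed for this example.

```python
from urllib.parse import urlsplit

# Origin of the (constructed) application. Assumption for this example;
# a real deployment takes these from configuration.
APP_SCHEME = "https"
APP_HOST = "app.example"
APP_PORT = 443

# Token-based redirect IDs: the client names a key, never a URL (constructed table).
REDIRECT_TOKENS = {
    "dashboard": "/dashboard",
    "account": "/account/settings",
}


def redirect_vulnerable(next_url: str) -> str:
    """Vulnerable pattern: whatever arrived in the parameter becomes the Location header."""
    return next_url or "/"


def safe_redirect_target(next_url: str, default: str = "/") -> str:
    """Hardened pattern: return a same-origin relative path or the default.

    Accepts either a relative path ("/dashboard?tab=1") or an absolute URL that
    exactly matches the application's origin; everything else (other hosts,
    protocol-relative URLs, javascript:/data: schemes, embedded credentials)
    falls back to `default`. The result is rebuilt from parsed components, so
    what reaches the Location header is always a path-relative URL.
    """
    if not next_url:
        return default
    # Whitespace and control characters are parser-confusion material; reject outright.
    if any(ch.isspace() or ord(ch) < 0x20 for ch in next_url):
        return default

    parsed = urlsplit(next_url)

    if parsed.scheme or parsed.netloc:
        # Absolute or protocol-relative URL: must match our origin exactly.
        if parsed.scheme != APP_SCHEME:       # blocks javascript:, data:, http:, and "//host"
            return default
        if parsed.username is not None or parsed.password is not None:
            return default                    # e.g. "https://app.example@evil.example"
        if parsed.hostname != APP_HOST:
            return default
        try:
            port = parsed.port                # raises ValueError on malformed ports
        except ValueError:
            return default
        if port not in (None, APP_PORT):
            return default

    path = parsed.path or "/"
    # Backslashes: browsers normalise "/\evil.example" to "//evil.example".
    if "\\" in path:
        return default
    # Only absolute paths inside the app; a leading "//" would be protocol-relative.
    # Rebuilding from the parsed path also turns "///evil.example" into "/evil.example".
    if not path.startswith("/") or path.startswith("//"):
        return default

    target = path
    if parsed.query:
        target += "?" + parsed.query
    if parsed.fragment:
        target += "#" + parsed.fragment
    return target


def resolve_redirect_token(token: str, default: str = "/") -> str:
    """Token-based redirect: look the key up; unknown keys go to the default."""
    return REDIRECT_TOKENS.get(token, default)


if __name__ == "__main__":
    samples = ["/dashboard?tab=1", "https://app.example/account", "https://evil.example/",
               "//evil.example/login", "javascript:alert(1)", "/\\evil.example",
               "///evil.example"]
    for candidate in samples:
        print(f"{candidate!r:30} vulnerable -> {redirect_vulnerable(candidate)!r:28} "
              f"hardened -> {safe_redirect_target(candidate)!r}")
```

The design choice worth noting is that the hardened function never echoes the input; it reconstructs the target from the parsed path, query and fragment, so parser-disagreement inputs such as a triple-slash prefix are normalised into a harmless same-origin path rather than relayed to the browser. The token lookup is the strictest option: the client can only name one of the server's own keys.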