How to Inspect URL Redirects Without Opening a Suspicious Link
Inspect shortened links, tracking URLs, Safe Links, QR destinations, and redirect chains safely. Learn what to check before opening an unknown URL.
Inspect the URL string before you trust the click
Suspicious links often hide behind shorteners, redirect services, tracking domains, QR codes, or wrapped email security URLs. You can learn a lot before opening them: hostname, scheme, path, encoded parameters, redirect intent, and whether the visible brand matches the actual destination.
When to use this guide
Short link review
Inspect bit.ly, t.co, marketing links, and app deep links before sharing or opening.
QR destination checks
Decode or paste a QR URL and verify the target domain before using it.
Email security
Inspect Safe Links and wrapped URLs after decoding the original destination.
Redirect cleanup
Separate useful destination parameters from tracking parameters.
Safe URL inspection workflow
Copy, do not click
Parse the URL
Check hostname and lookalikes
account.example.com with fake lookalikes such as example-login.com or example.com.attacker.test.Decode nested destinations
url, u, redirect, target, or continue.URL parts to inspect
| Task | Input | Result |
|---|---|---|
| Scheme | http:// | Plain HTTP is weaker than HTTPS and deserves extra caution. |
| Hostname | login.example.com | The registered domain should match the expected organization. |
| Redirect parameter | ?redirect=https%3A%2F%2F... | Decode the nested URL and inspect that target too. |
| Fragment | #access_token=... | Fragments may contain app state or tokens and should not be shared blindly. |
What to inspect before opening a link
A suspicious link can look trustworthy because the visible text is friendly. URL inspection focuses on the parts the browser actually uses: scheme, registered domain, path, query, fragment, and redirects.
Registered domain
login.example.com, the key trust decision is example.com. In example.com.attacker.test, the registered domain is different.Encoded values
Fragments and tokens
# is not sent to the server by normal HTTP requests, but it can still contain app state, invite codes, or tokens that should not be shared.QR code destinations
Suspicious link checklist
- 1Compare the registered domain with the organization you expected to visit.
- 2Decode any nested
url,redirect,next, orcontinueparameter. - 3Avoid sharing URLs that contain tokens, private document IDs, or session-related fragments.
- 4If the decoded link becomes a QR code, inspect the QR destination again before using it on another device.
What makes a redirect suspicious?
A redirect is suspicious when the displayed brand, the hostname, and the final destination do not agree. Be extra careful with login pages, payment flows, file downloads, and links that use multiple layers of URL encoding.
Parameters that often hide another URL
urluredirectredirect_uritargettocontinuenextreturnRelated workflow
This guide is designed to pair with the tool linked below. Use the article to understand the workflow, then open the tool with a real sample so you can validate the result instead of copying a generic answer from a search result.
Common mistakes to avoid
- Checking the visible anchor text instead of the actual href.
- Trusting a URL because the expected brand appears somewhere in the path or query string.
- Ignoring a second encoded URL inside a query parameter.
- Sharing URLs that contain tokens, session IDs, or private document IDs.
FAQ
Can I inspect a redirect chain without opening the final page?
Is HTTPS enough to trust a link?
What is the most important URL part?
Try it in URL Inspector
Related Articles
Safe Links and Wrapped URLs Explained
Understand Microsoft Safe Links, Proofpoint, Mimecast, and other wrapped URLs. Learn why links are rewritten, how to decode the destination, and how to inspect safely.
How to Decode JWT Tokens Securely
Understand JWT structure, decode tokens safely, and inspect claims, expiry, and signatures. A complete guide with best practices and our free JWT Decoder tool.