Concepts

HTTP Redirects

How servers tell clients to navigate to another URL, and why redirect status codes affect caching, mutability, analytics, and control.

foundation4 min readUpdated unknownModelingOperationsTradeoffs
301 Redirect302 Redirect307 Redirect308 RedirectBrowser Caching

Concepts Covered

  • HTTP redirect responses
  • Location header
  • Permanent redirects
  • Temporary redirects
  • Browser and intermediary caching
  • Analytics visibility
  • Redirect control tradeoffs

Definition

An HTTP redirect is a server response that tells the client to request a different URL.

A simplified response looks like:

HTTP/1.1 302 Found
Location: https://example.com/destination

The client receives the response, reads the Location header, and navigates to that destination.

For a URL shortener, redirects are the core product behavior. The short URL receives the request. The service returns an HTTP redirect to the long destination.

The Pain That Forces Redirect Choices

At first, a redirect looks like one line of code:

return redirect(destination_url)

But the status code changes the product's future control.

Should the browser ask the shortener every time? Should the browser cache the destination forever? What if the link is edited, disabled, expired, flagged as malware, or needs analytics tracking?

The wrong redirect code can make the service fast but blind. If clients cache the redirect aggressively, future visits may skip the shortener entirely.

That means the system may lose:

  • click analytics
  • abuse checks
  • expiration enforcement
  • destination updates
  • policy changes

Redirect codes are not just HTTP details. They define how much authority the shortener keeps after the first visit.

Mental Model

A redirect response has two parts:

status code: what kind of redirect this is
Location: where the client should go

The status code tells clients and intermediaries whether the redirect is temporary or permanent, and whether the original HTTP method should be preserved.

For most URL shortener redirects, the request is a GET, so method preservation is less important than caching and control.

Common Redirect Codes

CodeMeaningPractical impact
301Moved PermanentlyClients may cache aggressively
302FoundCommon temporary redirect with more server control
307Temporary RedirectTemporary and preserves HTTP method
308Permanent RedirectPermanent and preserves HTTP method

For URL shorteners, 302 is often attractive because it keeps future visits flowing through the shortener. That allows analytics, abuse checks, expiration logic, and destination changes to continue working.

Permanent redirects can be useful when the destination is truly stable and the system wants maximum caching. But they should be chosen intentionally.

Example: Why 301 Can Be Dangerous

Suppose a short link initially points to:

https://safe.example.com

The shortener returns:

HTTP/1.1 301 Moved Permanently
Location: https://safe.example.com

A browser or intermediary may cache that permanent mapping. Later, the owner changes the destination, or the platform disables the link because it becomes unsafe.

Some clients may continue using the cached redirect without asking the shortener again. The platform has lost control for those clients.

This is why many shorteners prefer temporary redirects even when the destination usually does not change.

Analytics And Critical Path

A redirect endpoint should be fast. Users experience redirect latency directly.

The service may need to:

1. parse short code
2. resolve destination
3. check link status
4. emit click event
5. return redirect

The analytics work should usually be asynchronous. If the redirect waits for analytics writes, dashboard storage or event processing can slow down the user-facing path.

The redirect response should not depend on every secondary workflow.

Failure Modes

  • Permanent redirects bypass future analytics.
  • Cached redirects ignore later abuse or expiration decisions.
  • Redirect loops send users back and forth between URLs.
  • Unsafe schemes such as javascript: or untrusted deep links are allowed.
  • Slow synchronous analytics increases redirect latency.
  • Cache misses overload the database during traffic spikes.

Operational Reality

Important signals:

  • redirect latency p95 and p99
  • cache hit ratio for code lookups
  • redirect status-code distribution
  • analytics event enqueue failures
  • disabled-link access attempts
  • unsafe destination detections
  • redirect loop reports

HTTP redirects are simple at the protocol level. The hard part is deciding how much future control, observability, and mutability the platform needs.

Knowledge links

Use these links to understand what to know first, where this idea appears, and what to study next.

Prerequisites

Read these first if this topic feels unfamiliar.

Caching

Used In Systems

System studies where this idea appears in context.

URL Shortener System

Related Concepts

Core ideas that connect to this topic.

Short-Code GenerationAnalytics Pipelines