Hypertext Transfer Protocol (HTTP) Redirect Checker

{{ schemeBadge }} {{ redirectBadge }} {{ latencyBadge }} {{ slowestHopBadge }} {{ finalSecurityBadge }} {{ fallbackBadge }}

{{ routeWarningBadge }} Limit: {{ limitingNote }}

URL:

Format: https://example.com/path or example.com; press Enter to check.

Ignored {{ extraLineCount }} extra line(s). This checker traces only the first non-empty URL.

Method preference:

Accepted: HEAD or GET; fallback GET still handles HEAD 405s.

User-Agent profile:

Choose Tool default, Desktop, Mobile, Googlebot, or Custom.

Custom User-Agent:

Paste one single-line User-Agent string, e.g. Googlebot or a browser UA.

Timeout per hop:

Range: 200-4000 ms per hop.

Max redirects:

Range: 1-20 redirects.

Validate TLS certificate:

On for production; Off only for known self-signed or broken certificates.

Fallback GET on 405:

Only applies when Method preference is HEAD.

Category	Field	Value	Detail	Copy
{{ row.category }}	{{ row.label }}	{{ row.value }}	{{ row.note }}
No route summary available.

#	URL	Status	Method	Shift	Location	Time (ms)	Copy
{{ hop.index }}	{{ hop.url }} {{ hop.signalSummary }}	{{ hop.statusLabel }}	{{ hop.method }} {{ hop.methodNote }}	{{ hop.changeLabel }} {{ hop.changeNote }}	{{ hop.location \|\| '—' }} {{ hop.resolvedLocation }}	{{ hop.time_ms }}
No hops recorded.

Category	Signal	Observed value / note	Copy
{{ row.category }}	{{ row.label }}	{{ row.value }}
No route signals available.

{{ replayCommand }}

Embed:

Customize

Include current inputs

Size

Advanced

Width

Height

Aspect ratio

Max height

Collapsible embed

Allow fullscreen

Referrer policy

Sandbox tokens

Redirects are the quiet routing rules behind many ordinary web visits. A typed address might start on plain HTTP, move to HTTPS, switch from a bare domain to a www host, add or remove a trailing slash, pass through a short-link host, and finally arrive at the page a person actually sees. The browser hides most of that trip once the final page loads, but each hop can affect security, crawl signals, cache behavior, and page-load delay.

An HTTP redirect is a server response in the 3xx range that points the client to another URI, usually through a Location header. The status code describes the kind of handoff. 301 and 308 are normally used for permanent moves, while 302, 303, and 307 are commonly used when the destination is temporary, conditional, or request-specific. A redirect chain is the ordered set of these request-and-response steps until a non-redirect response, a stop condition, or an error ends the route.

Redirects are useful when they are deliberate and short. A migration from http://example.com to https://www.example.com/ should usually be one clean permanent hop. A campaign link may need a temporary handoff, but extra hosts and mixed redirect types can make analytics harder to trust. Old canonical rules can also fight each other, such as one rule adding www while another removes it, which creates a loop instead of a landing page.

Hop: One request and response in the visible route.
Location: The redirect target named by the server. Relative values are resolved against the current URL.
Final response: The last observed response, which might be a successful page, an error, or an unfinished redirect.
HSTS: HTTP Strict Transport Security, a policy that tells browsers to use HTTPS for future visits to the host.

Request details can change the path. Some origins treat HEAD differently from GET. Mobile and crawler user agents may be sent to different hosts. Regional routing, cookies, authentication, CDN cache state, and bot rules can also change what a client sees. That is why redirect checks are best read as evidence for one observed request, not as proof that every visitor or crawler will see the same chain.

HTTP traces do not capture every kind of navigation. JavaScript redirects, meta refresh tags, consent walls, logged-in journeys, and browser history changes happen outside the server-side redirect exchange. A clean HTTP path is still valuable, but it should be paired with browser testing when the real user journey depends on scripts, sessions, or geography.

How to Use This Tool:

Use the checker to capture one HTTP route, then compare the summary, hop table, charts, and replay command before sharing or acting on the result.

Enter one address in URL. Bare domains are accepted and start as HTTP so scheme upgrades are visible. If several lines are pasted, only the first non-empty URL is traced and the extra-line warning tells you what was ignored.
Choose Method preference. HEAD is a lightweight first pass for headers and route shape. Use GET when the route differs for a full fetch or when the target rejects header-only requests.
Select User-Agent profile. Tool default, Desktop browser, Mobile browser, Googlebot, and Custom string help compare routes that vary by client identity.
Open Advanced when the default trace needs tuning. Timeout per hop accepts 200 to 4000 milliseconds, Max redirects accepts 1 to 20, and Validate TLS certificate should normally stay on for production checks.
Leave Fallback GET on 405 enabled when starting with HEAD unless you specifically need to prove that HEAD fails. When the fallback is used, Method path records the change.
Press Check. If validation fails, fix the URL format first. If the live lookup fails or times out, retry with a slower per-hop timeout only after checking that the address is public and not session-gated.
Read Route Brief first. It combines Final URL, Final status, Route health, Redirect mix, Total time, Final security, Host handoffs, Method path, and the primary recommendation.
Use Hop Ledger for the step-by-step chain, Signal Table for HSTS, canonical, cache, robots, server, and redirect hints, Hop Timeline and Latency Curve for speed shape, and Replay Command when you need a comparable cURL run.

Use the available exports only after the method, user-agent profile, timeout, and redirect ceiling match the question you are documenting.

Interpreting Results:

Final URL and Final status tell you where the observed chain ended. A 2xx final status means the route reached a successful response. A 4xx or 5xx final status means the redirect path may be syntactically valid while the destination still fails. A visible 3xx, Limit note, repeated URL, timeout, or invalid target means the trace is incomplete and should not be treated as a settled destination.

HTTP redirect result cues and practical follow-up checks
Visible Cue	Best First Reading	What to Verify Next
Clean redirect path	The chain reached a successful HTTPS destination with little redirect debt.	Repeat with crawler and mobile user agents before closing a migration or SEO task.
Incomplete trace	A timeout, redirect ceiling, loop, or bad redirect target stopped the route.	Inspect repeated URLs and slow intermediate hosts before raising limits.
HTTPS downgrade in chain	A secure hop sent the client back to plain HTTP.	Fix redirect and origin rules so the route remains HTTPS from upgrade to final response.
HEAD to GET fallback	The origin rejected HEAD with `405`, so the trace continued with GET.	Use GET for monitoring when the check needs to mirror ordinary browser fetches.
Host handoff detected	The route crossed one or more host boundaries.	Confirm each handoff is intentional and not an old tracking, CDN, or migration rule.

Route health is a triage score, not a protocol standard. It drops for incomplete traces, failing destinations, extra redirects, temporary redirects, slow hops, insecure finals, missing HSTS on HTTPS, host handoffs, HTTPS downgrades, and repeated URLs. Use it to prioritize cleanup, then use the hop-level evidence to decide what actually needs to change.

Charts help separate route shape from route cost. Hop Timeline shows which individual hop is slow. Latency Curve shows how cumulative delay grows as the chain progresses. A route with one slow hop needs a different fix from a route with several small but unnecessary hops.

Technical Details:

HTTP redirection is governed by response status, request method, and a usable target URI. A Location header can contain an absolute URI or a relative reference. Relative references are resolved against the current request URI, so /new has a different final meaning on different hosts.

Method handling matters because route tests often start with HEAD. HEAD asks for the headers that a GET request would have received without transferring a response body. Some servers do not implement HEAD consistently, and a 405 Method Not Allowed on HEAD may not mean the page is unavailable to browsers. The optional fallback records that distinction by retrying with GET and preserving the visible method path.

Rule Core

HTTP redirect signals and route tracing behavior
Signal	Trace Meaning	Review Impact
301 or 308	Permanent move to a new URI.	Expected for canonical migrations, but extra permanent hops still add route cost.
302, 303, or 307	Temporary, context-specific, or method-aware handoff.	Useful for conditional routes, but suspicious when the destination should be stable.
3xx without Location	The response signals redirection without a usable next target.	The chain cannot be followed reliably until the response is fixed.
Repeated URL	A URL appears more than once in the visible chain.	Canonical, slash, scheme, or host rules may be cycling.
Final HTTPS without HSTS	The final response is secure but does not advertise future HTTPS-only access.	Add HSTS only after certificate coverage, subdomain impact, and rollback risk are understood.

Trace Processing Core

The observed chain starts from the normalized HTTP or HTTPS URL, sends the selected method and user-agent string, follows redirect responses manually, resolves relative Location values, and stops when a non-redirect response appears or a timeout, hop ceiling, invalid target, or failed request prevents another hop.

Inputs that affect the redirect trace and comparison limits
Input or Setting	How It Changes the Trace	Comparability Note
Method preference	Starts the route as HEAD or GET. A `303` changes the next request to GET, while `307` and `308` preserve the current method.	Compare runs only when the method path is the same or when the difference is the subject of the test.
User-Agent profile	Sends a desktop, mobile, crawler, custom, or default identity.	Bot, mobile, and default routes can legitimately differ.
Timeout per hop	Caps each hop between 200 and 4000 milliseconds.	Raising the limit can reveal later hops, but it can also hide a performance problem.
Max redirects	Stops after the selected redirect ceiling, from 1 to 20 redirects.	A higher ceiling is not a fix for a loop or excessive migration chain.
TLS validation	Rejects broken HTTPS certificates when enabled and allows known test endpoints when disabled.	Production evidence should normally keep validation on.

Formula Core

Route health starts at 100 and subtracts bounded penalties for route problems. The score is diagnostic, not a standard published by HTTP specifications.

health = \max (0, 100 - 30 L - 35 F - \min (24, 8 R) - 6 T - \min (16, 8 S) - 15 I - 6 H - \min (12, 4 C) - 18 D - 12 P)

L is 1 when a limit note exists, F is 1 when the final status is not 2xx, R is redirect count, T is temporary redirect count, S is the number of hops above 300 milliseconds, I is 1 when the final URL is not HTTPS, H is 1 when final HTTPS lacks HSTS, C is host handoff count, D is 1 when any HTTPS hop downgrades to HTTP, and P is 1 when a repeated URL appears.

Verdicts are assigned after scoring and hard failure checks. A limit note produces Incomplete trace. A non-2xx final response produces Broken destination. Insecure final paths or HTTPS downgrades produce Upgrade security. A direct successful HTTPS route with HSTS and no slow hop can produce Direct secure path, while a short stable chain with a score of at least 85 can produce Clean redirect path.

Privacy Notes:

The target URL, method choice, user-agent selection or custom string, timeout, redirect ceiling, TLS-validation choice, and HEAD fallback setting are sent to run a live server-side trace. The target site sees the request from the checking service, not from your current browser session.

Do not test secret-bearing URLs such as password-reset links, magic-login links, signed downloads, private dashboards, bearer-token URLs, or internal hosts. A URL can disclose path names, query strings, campaign identifiers, and access tokens even when the page content is not downloaded.

The trace does not include your browser cookies, local login state, extensions, or region unless the target route itself exposes different behavior to the checking service. For account-specific or location-specific paths, confirm the result in a controlled browser or monitoring environment that matches the real audience.

Worked Examples:

A tidy HTTP-to-HTTPS migration

A bare domain starts at HTTP, redirects once to the canonical HTTPS host, finishes at 200 OK, and shows Final security as HTTPS + HSTS. With no slow hops or host surprises, Route health can land in the clean range. The next check is to repeat the route with crawler and mobile profiles before calling the migration complete.

A chain with leftover temporary redirects

A campaign URL returns two 302 responses before landing on the final page. The destination may work, but the temporary redirect count and latency chart show route debt. Keep temporary hops only when the destination genuinely changes by campaign, device, or request context.

A route that rejects HEAD

An origin returns 405 Method Not Allowed to HEAD, then succeeds after fallback to GET. Method path records the fallback, and the hop table shows where it happened. Monitoring should use GET when it needs to match normal browser behavior.

A loop that never settles

A legacy login route alternates between two URLs until the redirect ceiling is reached. Limit note marks the result as incomplete, and Hop Ledger reveals the repeated pair. The last visible row is not a destination; the redirect rules need to be repaired before the landing page can be judged.

FAQ:

Can I enter a bare domain?

Yes. A bare domain is normalized into an HTTP request so scheme redirects to HTTPS are visible in the route.

Why does the result stop before a final page?

A timeout, redirect ceiling, repeated URL, invalid Location, request failure, or redirect without a usable target can stop the trace. Check Limit note and Hop Ledger before raising the ceiling.

Does the checker follow JavaScript redirects?

No. It follows HTTP redirect responses in the 3xx range when they provide a usable Location target. JavaScript, meta refresh, and logged-in browser flows need separate browser testing.

What does HSTS mean in Final security?

It means the last observed HTTPS response included Strict-Transport-Security. It does not prove that every earlier hop was secure or that every other host in the route sends the same policy.

Why can Googlebot or mobile see a different route?

Redirect rules can vary by user agent. Rerun with the matching User-Agent profile and compare Final URL, Host handoffs, Redirect mix, and Method path.

Glossary:

Hop: One request-and-response step in the observed redirect chain.
Location header: The HTTP response header that names the next URI for a redirect.
Permanent redirect: A 301 or 308 response that indicates a lasting move.
Temporary redirect: A 302, 303, or 307 response used for context-specific or non-permanent handoffs.
HSTS: HTTP Strict Transport Security, a response policy that tells browsers to prefer HTTPS for future visits to a host.
Limit note: A stop reason such as timeout or max_redirects showing that the trace ended early.

References:

RFC 9110: HTTP Semantics, IETF, June 2022.
RFC 3986: Uniform Resource Identifier (URI): Generic Syntax, IETF, January 2005.
HEAD request method, MDN Web Docs.
Strict-Transport-Security header, MDN Web Docs.