Web Security

Open Redirect

An open redirect vulnerability allows an attacker to craft a URL on a trusted domain that redirects users to an arbitrary external URL. For example, /redirect?url=https://evil.com would send users to the attacker's site while appearing to originate from a trusted domain. Open redirects are often used in phishing attacks to make malicious links appear legitimate. Prevention requires validating redirect destinations against an allowlist of permitted URLs.
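
The allowlist check described above, as an added example that is not part of the original page. The function name, the hosts in ALLOWED_HOSTS and the fallback path are assumptions for illustration. It also rejects the URL shapes that slip past naive prefix or substring checks.

```python
from urllib.parse import urlsplit

# Assumed allowlist for this example; replace with the hosts your site redirects to.
ALLOWED_HOSTS = {"app.example.com", "accounts.example.com"}
FALLBACK = "/"  # where to send the user when the requested target is rejected


def safe_redirect_target(raw, allowed_hosts=ALLOWED_HOSTS, fallback=FALLBACK):
    """Return raw if it is a same-site path or an allowlisted https URL, else fallback."""
    if not raw or len(raw) > 2048:
        return fallback
    # Browsers drop tabs/newlines and treat "\" like "/", so a URL containing
    # them can parse differently here than in the browser. Reject outright.
    if any(ord(c) <= 0x20 or ord(c) == 0x7F or c == "\\" for c in raw):
        return fallback
    try:
        parts = urlsplit(raw)
        port = parts.port  # raises ValueError on a malformed port
    except ValueError:
        return fallback
    # Relative target: a single leading "/" only ("//host" is scheme-relative).
    if not parts.scheme and not parts.netloc:
        ok = raw.startswith("/") and not raw.startswith("//")
        return raw if ok else fallback
    # Absolute target: https, no userinfo, default port, exact host match.
    if parts.scheme != "https" or "@" in parts.netloc or port not in (None, 443):
        return fallback
    host = (parts.hostname or "").lower()
    return raw if host in allowed_hosts else fallback


if __name__ == "__main__":
    # Constructed sample inputs for the url parameter of /redirect
    samples = [
        "/dashboard?tab=1",
        "https://app.example.com/settings",
        "https://evil.com",
        "//evil.com/login",
        "https://app.example.com@evil.com/",
        "https://app.example.com.evil.com/",
        "javascript:alert(1)",
    ]
    for s in samples:
        print(f"{s!r:45} -> {safe_redirect_target(s)!r}")
```

Matching the parsed hostname exactly, rather than testing whether the string starts with or contains a trusted name, is what defeats the userinfo and lookalike-subdomain variants.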

Why it matters for your website

  • Listed in the OWASP Top 10 — one of the most critical web risks
  • Can lead to data exfiltration, account takeover, or full system compromise
  • Required to fix before passing security reviews for enterprise customers
