What exactly are open redirects? They are a special type of web redirect that uses an unvalidated link, sometimes submitted by the user. Normally, a redirect will take the user to a specific destination that is fully defined on the server.
For example: a safe redirect is one that takes the user from URL A to URL B while remaining on the same server.
Open redirects, on the other hand, take their destination from a variable or from user input, so the server does not fully define where the user ends up.
In a tweet, John Mueller recommended that open redirects not be used on a website:
Please see this link to the tweet for more details.
Why are open redirects so terrible? For one thing, they are dangerous because hackers can use them for phishing attacks. They also increase the possibility of negative results when it comes to search performance.
Open Redirects Can Be Manipulated by Attackers
These types of redirects can be manipulated by attackers. One example of an attack is when hackers use an open redirect on your site to link to a fake page where personal data can be grabbed from the user.
Another example is redirecting to malware pages. If someone does this, then your site’s URL is likely to be flagged.
When a URL is flagged, it is labeled as malware. This labelling will discourage new users from visiting your site and it can damage your site’s reputation.
Another problem with open redirects concerns crawling and indexing.
Because the destination is variable, a single open redirect can produce many different redirect URLs. This can result in a dangerous number of URLs that Google then has to crawl.
When this type of URL growth occurs, the technical issue is usually referred to as index bloat.
This is when Google’s index has more URLs than the website physically has.
Ironically, Google Has Been Caught Using Open Redirects Before
What’s interesting is that this happened in 2020, as NakedSecurity.Sophos.com reported:
The author goes on to explain that hackers use this exploit in order to lead people from trustworthy domains (such as Google) to websites they would otherwise not click on.
This is why open redirects are so dangerous and why using them can cost you search performance.
If you want to learn more about the finer technical details of open redirects, we strongly recommend investing a bit of time into reading the article linked above.
That’s OK. Can’t We Just Limit Crawling of These Redirects?
No. In another tweet, Gary Illyes wrote that the solution is not to limit the Googlebot crawl rate but to fix the open redirect.
In other words, don’t assume that simple tricks, like restricting Googlebot, will help in any significant way.
It’s always better to fix a problem than use temporary solutions and band-aids. Get rid of that open redirect and you won’t have to worry about crawling.
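One way to fix an open redirect is to validate the destination on the server before redirecting, so that the redirect always stays on the same site, as in the safe redirect described at the top of this article. The following is an added example, not code from any site or tool mentioned here; the origin https://www.example.com, the function names and the sample inputs are assumptions made up for illustration.

```python
from urllib.parse import urljoin, urlsplit

SITE_ORIGIN = "https://www.example.com"  # assumed origin of your own site
FALLBACK = "/"                           # used whenever the target is rejected


def unvalidated_target(raw_target):
    """The open-redirect pattern: user input becomes the Location header as-is."""
    return raw_target


def safe_redirect_target(raw_target, site_origin=SITE_ORIGIN, fallback=FALLBACK):
    """Return a same-site path for raw_target, or fallback if it leaves the site."""
    if not raw_target:
        return fallback
    # Browsers read "\" as "/" and silently drop tabs and newlines, so a value
    # that looks local to the parser can still leave the site. Reject those.
    if "\\" in raw_target or any(ord(c) < 0x20 or ord(c) == 0x7F for c in raw_target):
        return fallback
    try:
        base = urlsplit(site_origin)
        # Resolve the value the way a browser would, relative to our own origin.
        resolved = urlsplit(urljoin(site_origin + "/", raw_target.strip()))
    except ValueError:  # malformed host, e.g. an unbalanced "["
        return fallback
    if resolved.scheme != base.scheme or resolved.netloc != base.netloc:
        return fallback
    # Return path and query only, never a host taken from user input. Collapse
    # leading slashes so the result cannot become a "//other-host" redirect.
    path = "/" + resolved.path.lstrip("/")
    return path + ("?" + resolved.query if resolved.query else "")


if __name__ == "__main__":
    samples = [  # constructed inputs, not taken from any real site
        "/pricing?plan=pro",
        "https://www.example.com/account",
        "https://evil.example/login",
        "//evil.example/login",
        "https://www.example.com@evil.example/",
        "https://www.example.com//evil.example/x",
    ]
    for s in samples:
        print(f"{s!r:45} open: {unvalidated_target(s)!r:45} fixed: {safe_redirect_target(s)!r}")
```

Anything that resolves to a different scheme or host is replaced with the fallback path, so the redirect endpoint can no longer be used to send visitors to another domain.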
Featured Image: Shutterstock / Apr 2021