Patterns to Watch in a Redirect Chain

A redirect chain encodes a sequence of decisions. Below are the patterns most often worth flagging.

HTTP → HTTPS upgrade (healthy)

http://example.com → 301 → https://example.com

Expected. Check that the final response also sets Strict-Transport-Security with a non-trivial max-age and, ideally, includeSubDomains.

www ↔ apex canonicalization (healthy)

https://www.example.com → 301 → https://example.com

Expected. The only thing worth checking is consistency: every internal link in the site should point to the canonical host.

Tracking layer (context-dependent)

https://click.vendor.com/?u=... → 302 → https://target.example.com

A third party logs the click before forwarding. Not a bug, but worth noticing when auditing for privacy.

Loop or over-long chain (bug)

More than 5–10 hops almost always indicates a rewrite rule fighting a configuration, a missing trailing-slash rule, or a locale router that cannot find the visitor's country and bounces them back to the root.