Redirects are used for various reasons.
One reason is that it increases privacy. When you follow a link, your browser send a referer - the site you are coming from.
This means the owner of the website you are going to exactly knows from where you came.
A redirect page in between obscures this. Say the page you are viewing is SO. SO doesn't use a redirect for links. This means whenever an external site is linked from SO and you follow that link, the owner of the external site exactly knows from which SO answer (or question) you came to his site.
If there was a redirect in place, the third party would only get to know that you came from somewhere on SO, but no longer from where exactly. If an SE redirect was used, he might only get to know that you came from somewhere inside the whole SE network.
Another reason can be security. Some sites use GET parameter to store session IDs (this was much more popular in the past, where users not using cookies was a much greater concern). Leaking the session ID to a third party is dangerous because it allows the account to be (temporarily) overtaken. A redirect solves this by not leaking the session ID through it.
But there are other reasons. A website owner might want to track which links a user clicks. This is ordinarily not possible. A redirect can easily be used to count which link is clicked how often.
You can also display information pages in between. This can be done for various reasons - to notify the user he leaves your site (and the curated content), or to display additional ads when the user is leaving anyways.
The reasons are manifold, and none of them are outright bad.
There are several techniques which can be used to obscure this on first sight from the user.
<a href="redirect.php?url=example.org">example.org</a>
Note that in this example, you only see example.org
as link, but it actually goes to redirect.php?url=example.org
. In this case, you are able to see this on mouse over in the corner of your browser.
You can, however, also use JS to obscure it:
<a href="#" onclick="javascript:window.location='redirect.php?url=example.org'">example.org</a>
Here, the link relies on JavaScript being enabled in your browser and uses that to bring you to the (obscured) location. This can not be seen by mouse over, but by inspecting the page source.
There are even better ways to obscure this with JS that get more and more difficult to find out.
This can be used to deceive users. Thats one of the reasons URL-shorteners have become unwanted on a lot of platforms - because they use the same redirecting technique, the users doesn't see where he ends up, and because you don't know what kind of information the URL shortening service tracks from your users.
1The
hxxp
thing is a red herring. That is just because new users on some forums aren't allowed to post live URLs. – Michael Hampton – 2016-08-06T04:47:14.2001
I created the Analgesic chrome extension due to these misbehaviors that I find really annoying. Slack being one of the worst due to their overloaded servers which tend to increase the time to open a link by more than 1 second.. But Google and many others use this technique, mostly for analytics and tracking purposes.
– Balthazar – 2016-08-06T09:59:48.1801
I call it "link indirection". Google and GMail do it. Reddit does it as of 2016. In the case of Google, there's a Chrome extension to block it https://chrome.google.com/webstore/detail/dont-track-me-google/gdbofhhdmcladcmmfjolgndfkpobecpg
– Colonel Panic – 2016-08-06T11:05:19.510