Cross-Domain Redirections Policy

Detect outbound links that redirect through one or more different domains before reaching the final destination.

Catch hidden redirect chains

The Cross-Domain Redirections Policy flags outbound links whose final destination is on a different registered domain from the original href. Hidden hops are one of the most common abuse vectors for legitimate sites — a partner you trust links to a tracker, the tracker silently 302s into a phishing host, and your visitors are walked through it without a click in sight.

What It Does

This policy follows each outbound link's redirect chain and compares the final landing domain against the original.

Cross-registered-domain hops

example.com → bit.ly → suspicious.tld (final domain differs from the href your page actually rendered)

Chain length checks

Excessive 30x bounces, often used to smuggle a destination past reputation scanners

Final scheme downgrade

HTTPS link that ends on plain HTTP — leaks the referrer and loses transport encryption
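The three checks above, applied to an already-recorded redirect chain, as an added example (not the product's own code). The names `registered_domain` and `analyze_chain`, the small suffix set standing in for the Public Suffix List, and the hop threshold are all assumptions.

```python
import ipaddress
from urllib.parse import urlsplit

# Assumption: tiny stand-in for the Public Suffix List (use the full PSL in practice).
MULTI_LABEL_SUFFIXES = {"co.uk", "com.au", "co.jp"}
MAX_HOPS = 3  # assumption: the page gives no number for "excessive"

def registered_domain(url):
    """Registrable domain (eTLD+1) of the URL's host; IP literals are returned whole."""
    host = (urlsplit(url).hostname or "").rstrip(".").lower()
    try:
        ipaddress.ip_address(host)
        return host
    except ValueError:
        pass
    labels = host.split(".")
    keep = 3 if ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES else 2
    return ".".join(labels[-keep:])

def analyze_chain(chain, max_hops=MAX_HOPS):
    """chain: the rendered href, then each redirect target in order (recorded, not fetched)."""
    href, final = chain[0], chain[-1]
    start, end = registered_domain(href), registered_domain(final)
    via = []  # intermediate domains that match neither endpoint
    for url in chain[1:-1]:
        d = registered_domain(url)
        if d not in (start, end) and d not in via:
            via.append(d)
    return {
        "cross_domain": start != end,
        "via": via,
        "hops": len(chain) - 1,
        "excessive": len(chain) - 1 > max_hops,
        "downgrade": urlsplit(href).scheme == "https" and urlsplit(final).scheme == "http",
    }

# Constructed sample chains (hostnames taken from the page's illustration).
HIDDEN = ["https://example.com/offer", "https://bit.ly/abc", "http://landing.suspicious.tld/"]
SAME_SITE = ["https://shop.example.co.uk/a", "https://www.example.co.uk/a"]

if __name__ == "__main__":
    for name, chain in (("hidden", HIDDEN), ("same_site", SAME_SITE)):
        print(name, analyze_chain(chain))
```

Comparing registrable domains rather than raw hostnames is what keeps a `shop.` to `www.` redirect on the same site from being reported as a cross-domain hop.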

Why You Need This

Affiliate and ad networks frequently chain redirects through partner domains for tracking. That's expected. What isn't expected is one of those hops being hijacked, expiring, or routing into a malware distribution domain — and once the chain is in motion, your visitor has no UI to back out.

The policy doesn't block by default — it surfaces the chains so you can decide whether to keep the link, swap it for a direct one, or replace the partner entirely.

Pair this with the Malicious Sites policy: the Cross-Domain Redirections policy detects how a visitor got to a bad place; the Malicious Sites policy detects whether the place itself is dangerous.