Violation Type:Nonsemantic Redirection

From Violations Tracker
Violation Type: FAKEREDIRECT

Nonsemantic Redirection

Violation Instance: Twitter/FAKEREDIRECT
Violator: Twitter


A redirection service (for example, a URL shortener) uses a method of redirecting a web browser other than an HTTP-level 3xx response code.

This may be done for tracking purposes: the redirection is performed via a Refresh header or JavaScript so that JavaScript injected on the page can perform analytics functions.

In some cases, whether the service issues an HTML page with a Refresh header instead of a 3xx response with a Location header depends on the user agent, so that clients which do not appear to be web browsers are not affected.

Insofar as the term "redirect" has specific HTTP connotations, it is misleading to advertise a service as providing redirection when it actually provides an auto-refreshing page. The redirection URL may also fail to function correctly if user agent sniffing does not work correctly and the service erroneously assumes the web client supports Refresh headers or JavaScript, or if the web client otherwise expects a semantically accurate representation of the resource to be returned.

In addition to the fact that such practices are likely to break things, the principal motive for instituting them is that they facilitate user tracking, which users may not be in a position to be aware of or consent to.
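One way to audit a redirection service for the behaviour described above, as an added example that is not part of the original page: it classifies each response as a real 3xx redirect, a Refresh header, a meta refresh or a JavaScript redirect, and flags a service whose mechanism changes with the user agent. The function names, the heuristic regular expressions and the sample responses (example.org, the user-agent strings) are constructed for illustration.

```python
import re

# Heuristic patterns (assumptions of this example) for the two in-page
# mechanisms: an HTML meta refresh and a script that assigns the location.
META_REFRESH = re.compile(r'<meta[^>]+http-equiv=["\']?refresh["\']?[^>]*>', re.I)
JS_REDIRECT = re.compile(
    r'location(?:\.href)?\s*=[^=]|location\.(?:replace|assign)\s*\(', re.I)

def classify(status, headers, body=""):
    """Name the mechanism a response uses to move the client elsewhere."""
    h = {k.lower(): v for k, v in headers.items()}
    if 300 <= status < 400 and "location" in h:
        return "http-3xx"            # semantically accurate redirect
    if "refresh" in h:
        return "refresh-header"      # auto-refresh, not an HTTP redirect
    if META_REFRESH.search(body):
        return "meta-refresh"
    if JS_REDIRECT.search(body):
        return "javascript"
    return "none"

def audit(responses_by_agent):
    """responses_by_agent maps a User-Agent string to (status, headers, body)
    captured for the same short URL. Reports which agents were given a
    nonsemantic redirect and whether the service sniffs the user agent."""
    kinds = {ua: classify(*resp) for ua, resp in responses_by_agent.items()}
    nonsemantic = sorted(ua for ua, k in kinds.items()
                         if k not in ("http-3xx", "none"))
    return {"kinds": kinds,
            "nonsemantic_agents": nonsemantic,
            "varies_by_user_agent": len(set(kinds.values())) > 1}

# Constructed sample: the same short link fetched with two user agents.
BROWSER_UA = "Mozilla/5.0 (X11; Linux x86_64; rv:125.0) Gecko/20100101 Firefox/125.0"
SAMPLE = {
    "curl/8.5.0": (301, {"Location": "https://example.org/article"}, ""),
    BROWSER_UA: (200, {"Content-Type": "text/html"},
        '<html><head><meta http-equiv="refresh" '
        'content="0;URL=https://example.org/article">'
        '<script>window.location.replace("https://example.org/article")'
        '</script></head></html>'),
}

if __name__ == "__main__":
    print(audit(SAMPLE))
```

The script patterns are heuristics and will miss obfuscated or dynamically built redirects, so a "none" result on a 200 response that still navigates in a browser warrants manual inspection.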