How does it follow redirects without clicking?

It fetches the URL through a public CORS proxy, which returns the response headers including the Location header on a 3xx redirect. The tool reads that header, then requests the next URL, repeating until it reaches a non-redirect response or a hop limit.

Why is a proxy needed at all?

Browsers block reading cross-origin responses and redirect headers directly due to the same-origin policy. A CORS-enabled proxy adds the headers that let the browser read the response, which is what makes header inspection possible from a web page with no API key.

Is it safe to trace a malicious link?

Tracing only reads the redirect headers — it does not render the page, run its scripts, or submit anything. That is much safer than clicking. Still, never enter credentials on a destination you reached this way until you have verified it independently.

Why might tracing fail or stop early?

Some shorteners use JavaScript or meta-refresh redirects rather than HTTP 3xx, which header inspection cannot see. Others block proxies or require cookies. When that happens the tool reports the last hop it could reach and stops at the hop limit to avoid loops.

Does it store the links I check?

No. The request goes from your browser through the public proxy to the target and back; this page does not log or store the URLs you trace.

URL Unshortener & Redirect Tracer

See where a short link really goes

Shortened links hide their destination, which is exactly what makes them useful for phishing and malware. This tracer expands them safely: it follows each HTTP redirect hop and shows you the status code and the next location at every step, ending at the final landing URL — all without rendering the page or running any of its scripts.

How it works

Browsers cannot read cross-origin redirect headers directly because of the same-origin policy, so the tool routes each request through a public CORS proxy that adds the headers the browser is allowed to read:

It requests the short URL through the proxy and reads the HTTP status. On a 3xx response it reads the Location header to find the next URL.
It resolves that location (relative locations are resolved against the current URL) and requests it the same way.
It repeats, recording every hop, until it reaches a non-redirect status (2xx, 4xx, 5xx) or a hop limit of around ten, which prevents infinite redirect loops.

The result is the full chain from the short link to the final destination.

Notes and limits

Only HTTP-level redirects (301, 302, 303, 307, 308) are visible to header inspection. Some shorteners redirect with client-side JavaScript or an HTML meta-refresh — those cannot be traced this way, and the tool will stop at the last HTTP hop it can see. Public proxies can be rate-limited or occasionally down; if a trace fails, try again shortly. Tracing reveals the destination but does not vouch for its safety — treat any unexpected login or download page with suspicion, and verify the domain independently before trusting it.