Well this one freaks me out.
I used a Http Header check tool to check the headers of my webpage and guess what.
In every request the response was 302 instead of 200.
domain.con
www.domain.con
http://www.domain.con
So, am i missing something here?
I have not placed any redirect in any way.
So where the f#$% my website redirects? Is there a security hole?
UPDATE: While googling found this one
domain.com is not the same as www.domain.com - that's a redirect.
You are getting this because .net/IIS redirects your www.domain.com or domain.com to www.domain.com/default.aspx, so you get a header with 302 and then one for 200. I think this is by design but very confusing.
Maybe a case of this:
302 Found
This is the most popular redirect code, but also an example of industrial practice contradicting the standard. HTTP/1.0 specification (RFC 1945) required the client to perform a temporary redirect (the original describing phrase was "Moved Temporarily"), but popular browsers implemented 302 with the functionality of a 303 See Other. Therefore, HTTP/1.1 added status codes 303 and 307 to distinguish between the two behaviours. However, the majority of Web applications and frameworks still use the 302 status code as if it were the 303.
303 See Other (since HTTP/1.1)
The response to the request can be found under another URI using a GET method. When received in response to a PUT, it should be assumed that the server has received the data and the redirect should be issued with a separate GET message.
http://en.wikipedia.org/wiki/List_of_HTTP_status_codes
It's possible that you forgot to add a final slash to the end of your URL. Most webservers will redirect you to the "canonical" location that includes the slash. If you include the slash, you may get the response you're looking for.
Are you using forms authentication? and log in page is some other page than the default page say auth.aspx? If this is the case then you will allways get 302 code and the page will be redirected to login page.
In ASP.Net we can redirect by using Response.Redirect & Server.Transfer.
If we go with server.Transfer the status code 302 will never hit & directly hits the 200.
If we go with Response.Redirect it passes from 302 to 200 as response.. Which is nothing but roundtrip.
Related
I have implemented friendly URL's on my site and I can access products and categories in two ways via the URL.
http://www.example.com/home/electronics/tablets
http://www.example.com/tablets
Now when URL http://www.example.com/tablets is navigated to, it does a permanent redirect (301) to http://www.example.com/home/electronics/tablets but is this the correct redirect code?
I was thinking maybe it should be a 303? Any suggestions would be kindly appreciated.
It depends on whether it's a permanent (301) or a temporary (302) redirection. In practice, it doesn't make a significant difference in browsers.
Why do you think that 303 is suitable?
301 is correct. You are always going to be redirecting there.
302 is inappropriate, you want the result to be cached.
303, to quote the specification, "exists primarily to allow the output of a POST-activated script to redirect the user agent to a selected resource. The new URI is not a substitute reference for the originally requested resource." So that isn't suitable either.
You can use HTTP 302. It's pretty standard.
Edit: 301 is definitely correct as it's a permanent redirect. I misread the question.
Is there such a thing?
A way it might be used:
Many locations have forms that post to http://www.example.com/wally/app/receiver.aspx
Managements decides they want a cleaner URL and there is no reason to pretend you are using aspx (you didn't really think I was using aspx for that did you?)
They say it should be http://example.com/receiver
Easy enough! Just put a 301 redirect. No need to update all those forms that exist all over..,, but wait.. You can't do that for POST.
Perhaps you can receive and handle the request and then re-write the URL without causing a subsequent request? Perhaps this will not strip the www (cross domain), but can it shorten the pathname like that without a separate request?
Even in GET requests, this would indeed be a performance boost if one could re-write the URL and send the response body at the same. Can this be done?
You cannot send content to user and do 301/302 etc redirect at the same time -- browser interprets the HTTP Response code and acts accordingly to the code received. If 301/302 -- it will do redirect, if 200 -- will display it to the customer.
Is there such thing as a HTTP URL re-write without 301 or 302 redirect?
Yes -- it's called rewrite (internal redirect). For example -- customer requests http://example.com/receiver. You rewrite URL to point to /wally/app/receiver.aspx (e.g. RewriteRule ^receiver$ /wally/app/receiver.aspx [L] -- that's if you have an Apache, which you most likely not (considering receiver.aspx)). This will do internal redirect when URL remains unchanged in browser address bar (works fine with POST and GET methods).
Well, I guess rewriting url suggested by LazyOne is not the answer to the question as he himself states that
This will do internal redirect when URL remains unchanged in browser
address bar
(http://www.example.com/wally/app/receiver.aspx). Still, the question asks for
(...) it should be http://example.com/receiver
I think the solution is to redirect old url to the new one using 307 status code introduced in RFC 2616. User agents which handle version 1.1 of HTTP protocol (I guess all popular browsers for some time now) should make the new request using the same http method (POST in this case) as in the original request.
Our ASP application is moving to a new server and I want to implement a permanent URL redirection. I am aware of the following two approaches, but I need to understand which one to use and when.
Option 1:
<%# Language=VBScript %><% Response.Redirect "http://www.example.com" %>
Option 2:
<%# Language=VBScript %><% Response.Status="301 Moved Permanently"
Response.AddHeader "Location","http://www.example.com/" %>
Thanks,
Nikhil.
Response.Redirect issues a 302, which is a temporary redirect. 301, using the Response.AddHeader that you listed, is for permanent redirects.
The differences between 301 and 302 have some importance with search-engine-optimization. A 301 will hold all of your search rankings from the old location. On the flip side, if you DON'T want your new page to be indexed, you can use a Response.Redirect (302) since the engines will consider the redirect temporary. Google doesn't index 302's because a lot of spammers use it to try to increase their rankings.
Since you're permanently moving to a new server, a 301 is the best way to go.
Response.Redirect() (and the equivalent method RedirectPermanent() for a 301) does a lot of things behind the scenes. It null checks the requested URL string, encodes it, calls the event handlers for the Redirecting event if there are any, and finally calls Response.End(), which flushes the response back to the browser and aborts the current thread.
Ultimately, you probably won't notice much difference between setting headers manually and calling redirect.
Incidentally, there are more (and better) options for handling this. IIS has a URL Rewriting module, which would let you redirect a given URL without ever calling your page as a request handler, and centrally manage your URL's for easier management of search engines.
A normal redirect will by default use HTTP status 302. A redirect with status 301 will not be indexed by searchbots (like Googlebot) and if they were, they will be removed from existing indexes. Very useful if you want to "update" an old URL to a newer URL. The searchbot will index redirects with status 302 anyway, so you may likely end up with pollution in search results. You'd normally use status 302 for for example PRG pattern and status 301 for permanent redirects like as you're doing now.
Response.Redirect sends a "302 - moved temporarily" status code to the browser, which may or may not be okay depending on what you are doing. If you are redirecting to the correct location for your content, you want to do the 301 redirect because search engines will not crawl properly against a 302.
Is the client supposed to behave differently? How?
Status 301 means that the resource (page) is moved permanently to a new location. The client/browser should not attempt to request the original location but use the new location from now on.
Status 302 means that the resource is temporarily located somewhere else, and the client/browser should continue requesting the original url.
When a search engine spider finds 301 status code in the response header of a webpage, it understands that this webpage no longer exists, it searches for location header in response pick the new URL and replace the indexed URL with the new one and also transfer pagerank.
So search engine refreshes all indexed URL that no longer exist (301 found) with the new URL, this will retain your old webpage traffic, pagerank and divert it to the new one (you will not lose you traffic of old webpage).
Browser: if a browser finds 301 status code then it caches the mapping of the old URL with the new URL, the client/browser will not attempt to request the original location but use the new location from now on unless the cache is cleared.
When a search engine spider finds 302 status for a webpage, it will only redirect temporarily to the new location and crawl both of the pages. The old webpage URL still exists in the search engine database and it always attempts to request the old location and crawl it. The client/browser will still attempt to request the original location.
Read more about how to implement it in asp.net c# and what is the impact on search engines -
http://www.dotnetbull.com/2013/08/301-permanent-vs-302-temporary-status-code-aspnet-csharp-Implementation.html
Mostly 301 vs 302 is important for indexing in search engines, as their crawlers take this into account and transfer PageRank when using 301.
See Peter Lee's answer for more details.
301 redirects are cached indefinitely (at least by some browsers).
This means, if you set up a 301, visit that page, you not only get redirected, but that redirection gets cached.
When you visit that page again, your Browser* doesn't even bother to request that URL, it just goes to the cached redirection target.
The only way to undo a 301 for a visitor with that redirection in Cache, is re-redirecting back to the original URL**. In that case, the Browser will notice the loop, and finally really request the entered URL.
Obviously, that's not an option if you decided to 301 to facebook or any other resource you're not fully under control.
Unfortunately, many Hosting Providers offer a feature in their Admin Interface simply called "Redirection", which does a 301 redirect. If you're using this to temporarily redirect your domain to facebook as a coming soon page, you're basically screwed.
*at least Chrome and Firefox, according to How long do browsers cache HTTP 301s?. Just tried it with Chrome 45.
Edit: Safari 7.0.6 on Mac also caches, a browser restart didn't help (Link says that on Safari 5 on Windows it does help.)
**I tried javascript window.location = '', because it would be the solution which could be applied in most cases - it doesn't work. It results in an undetected infinite Loop. However, php header('Location: new.url') does break the loop
Bottom Line: only use 301s if you're absolutely sure you're never going to use that URL again. Usually never on the root dir (example.com/)
301 is that the requested resource has been assigned a new permanent URI and any future references to this resource should be done using one of the returned URIs.
302 is that the requested resource resides temporarily under a different URI.
Since the redirection may be altered on occasion, the client should continue to use the Request-URI for future requests.
This response is only cachable if indicated by a Cache-Control or Expires header field.
The main issue with 301 is browser will cache the redirection even if you disabled the redirection from the server level.
It's always better to use 302 if you are enabling the redirection for a short maintenance window.
There have already been plenty of good answers, but none tells pitfalls or when to use one over the other from a plain browsers perspective.
Use 302 over a 301 HTTP Status whenever you need to keep dynamic server side control about the final URL. Using a 301 http status will make your browser always load the final URL from its own cache, without fetching anything of any previous URL (totally skipping the first time request). That may have unpredictable results in case you need to keep server side control about the redirected URL.
As an example, in case you need to do URL redirection on behalf of a users ip-geo-position (geo-ip-switching) use 302. If you would use a 301 in such a scenario, the final redirected page will always come directly from the browsers cache, giving incorrect/false content to the user.
301 is a permanent redirect, and 302 is a temporary redirect.
The browser is allowed to cache the 301 but 302 means it has to hit our system every time. assuming that we want to minimize the load on our system, 301 is the right decision. Imagine creating URL shortening service for a big company, we try to get as less hit to our servers by the clients
But if the user wants to edit their short URLs, it might take more time than usual for the browser to pick up the change because the browser has the old one cached. Also, if you want to offer users metrics on how often their URL is getting hit, 301 would mean we would not necessarily see every hit from the client. So if you want analytics as a feature later on and a smooth user experience for editing URLs, 302 is a better choice.
friendfeed.com uses 302.
bit.ly uses 301.
I had decided to use 303.
Do they behave differently in terms of support by browsers ?
It depends on your purpose.
301 says “this isn't the proper URL, look elsewhere and use remember that other URL is better; don't come back here!”.
302 says “this is the proper URL which you should carry on using, but to actually get the content look elsewhere”.
303 is like 302 but specifically for redirections after a form submission.
If your purpose is a URL shortener then 303 isn't really relevant. It'll still work, but offers nothing over the normal 302. For a URL shortener I'd say 301 would be most suitable, as the other URL is the ‘real’ one. Saying 302 is trying to keep the ownership of the address and any SEO momentum caused by its use for yourself: a bit rude, but maybe you want to be rude.
Different status codes have different meanings. The HTTP specification describes them: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
301 — moved permanently (and change an
302 — found here
303 — find your response here, but use GET even if you started out with POST
If we take, for example, an Atom feed that has the URL changed for some reason (perhaps it is being moved to Amazon S3 or something). Given a 301 result, the feed reader should note that the feed has moved and update it's subscription. Given a 302, it will get the feed from its new location, but hit the original server looking for the original URI every time it checks for an update. (And a 303 would be silly in this situation).
Read http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html for the answer.
10.3.2 301 Moved Permanently
The requested resource has been assigned a new permanent URI and any future references to this resource SHOULD use one of the returned URIs. Clients with link editing capabilities ought to automatically re-link references to the Request-URI to one or more of the new references returned by the server, where possible. This response is cacheable unless indicated otherwise.
10.3.3 302 Found
The requested resource resides temporarily under a different URI. Since the redirection might be altered on occasion, the client SHOULD continue to use the Request-URI for future requests. This response is only cacheable if indicated by a Cache-Control or Expires header field.
Have a look at the HTTP 1.1 Status Code definitions. Different status codes imply different meanings and, therefore, encourage different behavior. Try to use the code which best matches your use case.
301 is for a permanent redirect and if this is what you want to do then this is recommended by all SEO experts.
"A 301 redirect is a permanent redirect that passes full link equity (ranking power) to the redirected page. 301 refers to the HTTP status code for this type of redirect. In most instances, the 301 redirect is the best method for implementing redirects on a website."
https://moz.com/learn/seo/redirection#:~:text=A%20301%20redirect%20is%20a,implementing%20redirects%20on%20a%20website.