URL Unshortener
Shortened links from bit.ly, t.co, lnkd.in and friends hide where they actually take you. They are also a favourite weapon of phishing. Paste one here and our Cloudflare Worker follows the redirects in your place to reveal where the link really lands.
The Worker never reads the page body โ only the HTTP Location headers.
This is the only tool that talks to a server. Cloudflare Workers follows redirect headers โ we never download the page body.
We only send the URL you pasted. The Workers log records the hostname only โ full URLs are never persisted.
Where this link actually takes you
Redirect chain
How it works
-
Your browser sends a GET to
/api/unshorten?url=.... -
The Cloudflare Worker parses the URL and rejects anything that is not
http/https, plus localhost and private IPs (10.x, 192.168.x, 172.16-31.x, 169.254.x, ::1, etc.) as SSRF protection. -
The Worker calls
fetch(url, { redirect: 'manual' })one hop at a time and follows theLocationheader on 3xx responses. - Each hop has a 5-second timeout, with an overall cap of 15 seconds and 10 hops.
- The response body is discarded immediately โ saves memory and bandwidth, and is also a deliberate signal that we don't read the page.
- The hostname and status code of each hop are returned as JSON and rendered in your browser.
Note: Worker logs keep only hostnames โ full URLs and IPs are never persisted. You are still not perfectly anonymous (Cloudflare's edge sees your IP), so for genuinely suspicious URLs route the request through a VPN or Tor.