Security News
Researcher Exposes Zero-Day Clickjacking Vulnerabilities in Major Password Managers
Hacker Demonstrates How Easy It Is To Steal Data From Popular Password Managers
By Jonathan Leitschuh - Aug 19, 2025
@hint/hint-no-http-redirects
Advanced tools
Avoid HTTP redirects (no-http-redirects)
no-http-redirects checks if there are any HTTP redirects in the page
webhint is analyzing.
Why is this important?
Consider the following simplified description of what happens when a user requests a URL within a browser:
- DNS Lookup: Translate the server domain to an IP. If the browser doesn’t know it, it asks a DNS server which in some cases involves multiple queries until the final IP is obtained.
- Open a TCP connection to the server IP address requesting the URL.
- The server responds to that request by sending some content over the TCP connection. If the resource uses SSL, then TLS negotiation(s) happens as well.
When a redirect occurs, 3. contains the new URL the browser needs to
request, repeating the whole sequence of steps. DNS Lookup isn’t cheap,
neither is creating a TCP connection. The
impact of redirects is felt even more by mobile users, where the network
latency is usually higher.
As a rule of thumb, the more you can avoid redirects the better.
What does the hint check?
This hint checks:
- If the target URL passed to
webhinthas any redirect. E.g.:http://www.example.com-->http://example.com - If any resource in the page has any redirect. E.g.:
http://example.com/script.js-->https://example.com/script.js
and alerts if at least one is found.
Examples that trigger the hint
- Any URL passed to
webhintthat redirects to another one - Any page with a resource (script, css, image) behind a redirect
Examples that pass the hint
- No redirect for resources nor the target URL.
Can the hint be configured?
By default, no redirects are allowed but you can change this behavior.
The following hint configuration used in the .hintrc
file will allow 3 redirects for resources and 1 for the main URL:
{
"connector": {...},
"formatters": [...],
"hints": {
"no-http-redirects": ["error", {
"max-resource-redirects": 3,
"max-html-redirects": 1
}],
...
},
...
}
How to use this hint?
To use it you will have to install it via npm:
npm install @hint/hint-no-http-redirects
Note: You can make npm install it as a devDependency using the
--save-dev parameter, or to install it globally, you can use the
-g parameter. For other options see npm's
documentation.
And then activate it via the .hintrc configuration file:
{
"connector": {...},
"formatters": [...],
"hints": {
"no-http-redirects": "error",
...
},
"parsers": [...],
...
}
Further Reading
FAQs
hint for best practices related to HTTP redirects
We found that @hint/hint-no-http-redirects demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 5 open source maintainers collaborating on the project.
Package last updated on 19 Sep 2019
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
Oxlint Introduces Type-Aware Linting Preview
Oxlint’s new preview brings type-aware linting powered by typescript-go, combining advanced TypeScript rules with native-speed performance.
By Sarah Gooding - Aug 18, 2025
Security News
New Website “Is It Really FOSS?” Tracks Transparency in Open Source Distribution Models
A new site reviews software projects to reveal if they’re truly FOSS, making complex licensing and distribution models easy to understand.
By Sarah Gooding - Aug 15, 2025