FREE TOOL · NO SIGNUP

Link Privacy Checker -free

Unwrap any short link end-to-end. See every redirect hop, every tracking parameter, and every cookie - before you click, server-side, in seconds.

10redirect hops max

0-100privacy score

∞checks / day

attr.so/tools/link-privacy-checker

/ 5 quick steps

How to use this tool.

~ 30 seconds end to end

01
Paste the suspicious URL
A bit.ly, tinyurl, t.co, or any other short link - or just any URL whose chain you are curious about.
02
We follow every hop
Server-side, with redirects set to manual, so we can record every 301/302 along the way.
03
Read the privacy score
100 is squeaky clean; below 50 means heavy tracking, multiple cookie hops, or suspicious patterns.
04
Inspect each hop
Status code, cookies set, tracking parameters present - for every URL in the chain.
05
Compare with a clean linkOPTIONAL
Run your own attr.so short link to see what a single-hop, cookie-free redirect looks like for reference.
Make it trackable

/ Where people use it

Common use cases.

6 most popular

Safety

USE CASE 01

Phishing detection

Strangers sending you a "delivery update" link? Unwrap it before clicking - most phishing relies on hidden destinations.

Audit

bit.ly/abc→t.co/xyz→attr.so

USE CASE 02

Marketing audits

Audit a competitor or partner's campaign URL. See which trackers fire and how many redirects bloat time-to-page.

Research

utm_source = newsletter

utm_medium = email

utm_campaign = Spring%20Sale

utm_content = button_a

USE CASE 03

Privacy research

Quantify how much tracking happens between an ad click and the final landing page - fbclid, gclid, and beyond.

Affiliates

utm_sourceutm_mediumutm_campaign

USE CASE 04

Affiliate compliance

Make sure your affiliate links land where they should and are not silently rewritten by an intermediary.

Social

Hey - new drop today.
attr.so/drop

Got it. Clicking now.

USE CASE 05

Social DM safety

Strange link in a DM? Paste it here to see whether it leads to malware, a sketchy login, or just a campaign.

Ops

USE CASE 06

Compliance sampling

Spot-check vendor or co-marketing links before publishing them on your own site.

/ The difference

Free, then trackable when you need it.

vs typical free tools

Most free tools

What you usually get

One-hop unwrap only. Most "expanders" stop after the first 301 and miss the real destination.
No tracker awareness. The final URL is shown raw, with no explanation of fbclid, gclid, etc.
No cookie inspection. Set-Cookie headers are silently ignored - you do not see who is fingerprinting you.
No safety scoring. You get a destination but no signal of whether it is dangerous.
Logs every query publicly. Many checkers expose recent queries on a "recent links" page.

attr.so · what we ship

What you get here

Up to 10 redirect hops. Most spammy chains exceed 5 hops; we follow up to 10 and report.
Tracker detection at every hop. utm_*, fbclid, gclid, msclkid, mc_cid, yclid, igshid and beyond.
Cookie counting per hop. Each Set-Cookie header is logged so you see exactly how many domains touch the user.
Privacy score (0-100). A single number that weights hop count, trackers, cookies, and suspicious patterns.
No URL logging. We fetch each hop with a sandboxed 6-second timeout and discard the result.

/ FAQ

Frequently asked.

Can't find it? Email us

Is this tool safe to use on suspicious URLs?

Yes - we follow the chain server-side, in a sandboxed fetch with a 6-second timeout per hop, and we never execute the destination's JavaScript. Your machine never makes a request to the suspicious URL.

How many redirects can it follow?

Up to 10 hops. If the chain is longer (rare and usually malicious), we stop and flag it.

Does this detect malware on the final page?

No - we surface structural risk signals (IP-address hosts, .exe downloads, internationalised homographs, known shorteners) but we do not run a full malware scan. For active threats, pair this with VirusTotal or your endpoint protection.

What counts as a tracking parameter?

Anything that uniquely identifies a click for cross-site attribution: utm_*, fbclid, gclid, msclkid, mc_cid, yclid, igshid, _ga, _gl, hsa_*, and more.

Will the link owner know I checked?

Our server makes one HTTP request per hop with a generic AttrToolsBot user agent. The owner's analytics will record a single bot-flavoured visit, not your IP.

Can I check links from email or DMs?

Yes - paste any URL you received in email, SMS, or social DMs. This is one of the safest ways to vet an unknown link before opening it.

What is a good privacy score?

80+ is clean (likely a direct or single-hop redirect); 50-80 means standard marketing tracking; below 50 indicates heavy ad-tech, many cookies, or suspicious patterns worth investigating.

/ Keep going

Pair with these.

Related free tools

QR Code DecoderReveal what a QR code hides UTM Parameter ValidatorCatch UTM typos Meta Tag / OG PreviewSee how a link looks Geo-Block TesterCountry-level blocks

Run your own redirects with attr.so.

Single-hop, cookie-free links with full audit logs - exactly the opposite of what you just unwrapped.

Start free See pricing

/ More from attr.so

Other free tools.

Browse all 12 →

QR Code Generator

QR codes from any URL

Open tool

URL Shortener

Shorten long URLs

Open tool

UTM Parameter Builder

Tag campaigns properly

Open tool

Meta Tag / OG Preview

See how a link looks

Open tool