What Is a URL Shortener? A Plain-English Guide to How They Work
What is a URL shortener? A clear guide to how they work (301 vs 302, base62), the benefits, the real risks, and how to choose one.
You copy a link to share it — a product page, a sign-up form, a Google Maps location — and it’s a tangled string of 180 characters full of ?utm_source= and random IDs. It looks broken in a text message, wraps onto three lines in an email, and is impossible to read aloud or print on a flyer. A URL shortener fixes exactly this. But behind that simple convenience there’s a small piece of internet plumbing worth understanding — especially before you trust one with your links, your clicks, and your readers.
A URL shortener is a tool that turns a long web address into a short one that automatically redirects to the original. Instead of sharing example.com/products/2026/spring-collection?ref=newsletter&utm_campaign=launch, you share something like mnly.io/AbC123. Click the short version and you land on the long one. This guide explains how that works under the hood, why people use shorteners, the downsides nobody advertises, and how to pick one without getting quietly capped or tracked.
What is a URL shortener? (definition)
At its core, a URL shortener does one job: it maps a short, memorable address to a long, unwieldy one. When someone visits the short link, the shortener’s server looks up where it’s supposed to go and forwards the visitor there. The visitor barely notices the detour.
Every short link has the same simple anatomy:
- The domain — the part before the slash, e.g.
bit.ly,tinyurl.com, or your own branded domain likego.yourbrand.com. - The short code — the bit after the slash, e.g.
AbC123. This is sometimes called the back-half, and on many tools you can customise it (e.g./spring-saleinstead of a random string).
A quick before-and-after makes it concrete:
Before:
https://maps.example.com/place/Caf%C3%A9-du-Coin/@48.8566,2.3522,17z/data=!3m1!4b1!4m6
After:mnly.io/cafe
The idea isn’t new. TinyURL, launched in 2002, is widely cited as the first notable URL-shortening service (an earlier patent for the underlying concept was filed in 2000). Shorteners exploded alongside Twitter in the late 2000s, when a 140-character limit made long links genuinely painful, and they’ve been a marketing and sharing staple ever since.
How do URL shorteners work? (step by step)
The magic is mostly a database lookup followed by an HTTP redirect. Here’s the full journey, broken into three steps.
Step 1 — You submit a long URL, and it gets stored
When you paste a long URL into a shortener, the service saves it in a database and assigns it a unique record — think of it as a numbered row in a giant spreadsheet. That number (or a value derived from the link) becomes the basis for the short code. Nothing about the original URL is “compressed”; the long version still lives in full on the shortener’s server, ready to be served back.
Step 2 — The short code is generated (base62, explained)
The short code needs to be brief but unique across millions of links. Most shorteners build it with base62 encoding. Where everyday numbers use base 10 (digits 0–9), short codes typically use base 36 or base 62 encoding, hashing, or random generation. Base62 uses 62 characters: the digits 0–9, the lowercase letters a–z, and the uppercase letters A–Z.
Why bother? Compactness. With 62 possible characters per position instead of 10, you fit far more combinations into fewer characters. Seven base62 characters give you roughly 62⁷ ≈ 3.5 trillion possible codes — enough to never run out, while keeping the link short enough to read aloud. (For more on the encoding math, see this explainer on base62 in shortening algorithms.)
Not every shortener encodes a sequential ID. Some hash the URL (run it through a function that produces a fixed-length fingerprint) and use part of the result; others generate codes randomly. There’s a privacy angle here: if codes are simply 1, 2, 3… in base62, anyone can guess neighbouring links and crawl what other people have shortened. Random or hashed codes avoid that leak, which is why thoughtful services don’t expose predictable sequences.
Step 3 — The redirect (301 vs 302), the core mechanism
This is the part that actually moves the visitor. When someone clicks mnly.io/cafe, their browser asks the shortener’s server for that address. Instead of returning a page, the server returns an HTTP redirect: a short response that says, in effect, “not here — go to this other address instead.” The browser obediently requests the real destination, and the visitor lands on the long URL.
The redirect comes with a status code, and the two you’ll meet most are 301 and 302. Shorteners redirect via HTTP status codes such as 301 (permanent), 302 (found/temporary), and 307 (temporary). The difference matters more than it sounds:
- 301 — Permanent. The browser is told the move is final, so it caches the redirect and skips the shortener on future visits, going straight to the destination. That’s fast and SEO-friendly — but it also means later clicks may never touch the shortener, so your click count undercounts.
- 302 — Temporary. The browser is told the move might change, so it re-asks the shortener every time. That’s slightly slower, but the shortener sees every click (better analytics) and you can change the destination later without reprinting the short link.
Because of that trade-off, a temporary (302/307) code is often recommended for short URLs: it lets you edit the target after sharing and counts clicks accurately, whereas a permanent 301 gets cached so some visits bypass the shortener entirely. Analytics-focused tools tend to favour 302/307; tools optimising purely for SEO link equity may prefer 301. We’ll return to the SEO question below.
What about speed? (the extra hop)
A short link is never quite as direct as the raw URL. Each access of a shortened link adds extra DNS lookups and an HTTP request, increasing latency and adding a point of failure. In practice the extra hop is usually a few milliseconds — imperceptible to humans. But it’s a real dependency: the visitor now relies on the shortener being online and fast. If the service is slow, every link is slow; if it’s down, every link is down. That dependency is the seed of the biggest downside, which we cover shortly.
Why use a URL shortener? (benefits)
If a long URL works fine when clicked, why add a layer? Several solid reasons:
- Cleaner, more shareable links. Short links look trustworthy in social posts, fit on a slide, survive being read aloud on a podcast, and don’t break across lines in email or SMS.
- Character limits. Short links matter where every character counts — SMS, print, business cards, packaging. One nuance worth knowing: on X (Twitter) it doesn’t help, because X wraps every link through its own t.co shortener so all URLs count as exactly 23 characters. A third-party shortener saves you nothing on X — but it still helps everywhere else.
- Click analytics. Because clicks pass through the shortener, it can record how many people clicked, where they were, what device they used, and which channel sent them. This is the single biggest reason marketers shorten links.
- Branded domains. Replacing
bit.lywith your owngo.yourbrand.combuilds recognition and trust — people are far likelier to click a link that carries a name they know. - Editable destinations and QR codes. With a 302 redirect you can repoint a printed link after the fact, and most shorteners can turn any short link into a scannable QR code for the physical world.
If analytics and QR are your priorities, those are the two features where free plans differ most — we compare them honestly later, and you can see how Minily handles link analytics and QR codes on its feature pages.
Common use cases
Shorteners show up wherever a link has to be small, trackable, or printable:
- Social media and bio links — tidy links in posts and the one-link-in-bio slot.
- Print and QR — posters, packaging, restaurant menus, business cards, event badges. A short link or QR bridges the physical world to a web page (try a free QR code generator to see this in action).
- Marketing campaigns — attach UTM parameters to a short link to see which campaign, channel, or ad actually drove clicks.
- SMS and email — where long links look like spam or get truncated.
- Internal team shortcuts — “go-links” like
go/payrollthat point staff to the right doc without anyone memorising a URL.
The honest downsides (what shorteners don’t fix)
A guide that only lists benefits is a sales pitch, not a guide. Shorteners have real, well-documented downsides — know them before you build anything important on top of one.
Link rot: if the service dies, every link dies
Because a short link is just a pointer, it’s only as durable as the company holding the pointer. If the shortening service stops working, all of its links break — this is “link rot.” It has happened: when Google retired goo.gl, vast numbers of links across the web stopped resolving. The lesson: for anything meant to last (printed materials, archived references, permanent campaigns), use a reputable, well-funded service — and ideally one that lets you use your own custom domain, so you could repoint the links if you ever switched providers.
Security and phishing: short links hide the destination
A short link’s greatest convenience — hiding a long URL — is also its greatest abuse vector. You can’t see where bit.ly/x7Yq goes until you click, and attackers exploit exactly that. The numbers are sobering. According to threat-intelligence firm Cofense (data spanning July 2024–June 2025), in one commonly abused shortener’s case 28% of campaigns delivered malware such as Pure Logs Stealer. The same research found that t.ly was the most frequently observed shortener in its phishing data, and just under 15% of campaigns using a t.ly link delivered malware — meaning the large majority of malicious t.ly links aimed instead at credential theft (fake Microsoft 365, Google Workspace, and banking logins). TinyURL also ranks high with attackers, largely because it needs no account — links can be made instantly and anonymously.
The risk is worse on phones: mobile devices offer limited URL previews, no hover-to-preview on touchscreens, and in-app browsers that can bypass some security checks. How to stay safe as a clicker:
- Preview before you click. Many shorteners offer a preview mode (add a character to the link, or use the service’s preview feature) that shows the real destination first.
- Be wary of unsolicited short links, especially in email and SMS asking you to “log in” or “verify.”
- As a link creator, prefer services that scan destinations and let you protect sensitive links — for example with password protection — so a leaked short link isn’t an open door.
Privacy: who’s logging your clicks?
Every click through a shortener is a data point that someone records. Some services log generous detail and monetise or share it; others keep aggregate, anonymised stats. If you operate in the EU or handle personal data, this matters for GDPR. Two things to check: what the service stores about your visitors (and for how long), and whether short codes are sequential — predictable IDs can let outsiders enumerate and harvest links, as noted earlier. A service that keeps analytics at the aggregate level (counts, countries, devices — not individual identities) is the safer default for privacy-conscious teams.
The SEO myth: do shorteners hurt rankings?
A persistent worry is that shortened links bleed away “link juice” (the ranking value a link passes). The short answer: not when the shortener uses a proper 301 redirect. Google treats a 301 from a shortener like any other permanent redirect, and reputable shorteners using 301 pass link equity. The old fear of a fixed PageRank penalty is outdated: Google’s John Mueller confirmed that 301 redirects no longer lose PageRank (corroborated by Rebrandly’s breakdown of 301 behaviour). The caveats: avoid 302-only services for links you want indexed, and avoid redirect chains (a short link pointing to another redirect pointing to another) — each extra hop dilutes value and adds latency. For an inbound backlink you care about for SEO, a direct link or a clean single 301 is best.
How to choose a URL shortener (criteria)
“Free URL shortener” lists rarely tell you where the free tier quietly caps you. Judge any tool against these criteria — in roughly this order of importance for most people:
- Free-plan generosity. How many links do you actually get? This is where tools differ wildly (see the table below).
- Analytics depth. A raw click count is nearly useless. Look for per-link breakdowns by country, city, device, OS, and referrer — and whether they’re free or paywalled.
- Custom / branded domains. Your own domain builds trust and protects you against link rot if you switch providers.
- QR codes. Increasingly table-stakes for print and packaging. Check whether they’re unlimited or rationed.
- Security and privacy. Destination scanning, password protection, sane data retention, GDPR posture, and non-sequential codes.
- Redirect type and editability. 301 vs 302 (see above), and whether you can change a destination after sharing.
- Ads / interstitials. Some free plans inject an ad page before your destination — a poor experience for your visitors. Check before committing.
- API access. If you’re a developer automating link creation, you need a documented public API — and not every tool has one (Minily, for instance, does not).
A neutral look at popular URL shorteners (free plans, as of June 2026)
Free-plan limits change often, so treat the table as a snapshot and re-check the official pricing page before you commit. Each cell below is drawn from the providers’ own pages where possible.
| Service | Free links | Analytics on free | QR codes | Custom domain | Notes |
|---|---|---|---|---|---|
| Bitly | 5 / month | No history | 2 / month | No | No data history on free; 1,000 API requests/mo |
| TinyURL | ~100 | No usable analytics | Auto per link | No | Permanent redirects, link history, custom alias; Pro from $9.99/mo |
| Dub.co | No free plan (14-day trial) | Yes (paid) | Yes | Yes (paid) | Open-source, API access, UTM templates; paid plans from $75/mo (10K links/mo, 100 domains) |
| Short.io | 1,000 branded / month | Yes (capped clicks) | Yes | Yes | ~50,000 tracked clicks/month on free (verify on official pricing) |
| Rebrandly | ~10 branded / month | Basic | Yes | 1 domain | Branded-link focus (verify on official pricing) |
| Minily | 5 total | Yes (clicks, top-3 countries, last 10 clicks) | Unlimited | No (Pro) | Free password protection, conditional redirects, UTM builder, CSV export; no public API |
Plain-spoken takeaways:
- Bitly is the best-known name with a polished product, but its free tier is unusually thin: just 5 links and 2 QR codes a month, no historical analytics on free, and no branded domain. Great brand, stingy free plan.
- TinyURL wins on no-friction simplicity and roughly 100 free links, but offers no real analytics — fine for casual sharing, weak for marketing.
- Dub.co is the developer-friendly, open-source choice with a strong API and the option to self-host. If you want to automate link creation or run it on your own infrastructure, it’s a strong pick; the catch is that its hosted plans now start at $75/mo (with a 14-day trial rather than a permanent free tier), and the self-host route requires technical setup.
- Short.io and Rebrandly lean into branded links at scale, with more generous (Short.io) or domain-focused (Rebrandly) free tiers.
- Minily is EU-based and unusual in giving real analytics, unlimited QR codes, password protection, geo/device conditional redirects, a UTM builder, and CSV export on the free plan — with GDPR-friendly aggregate exports (no personal data). The honest catch: the free plan is capped at 5 links total (not per month), and there’s no public API, white-label, or CRM integration. It fits individuals and small teams who want genuine analytics and QR without paying, not high-volume or API-driven workflows. Tags, custom domains, full analytics, and live mode live in the Pro plan (5€/mo).
In short: there is no universal “best” shortener — only the best fit for your link volume, your need for analytics, and whether you require an API. Match the criteria above to your actual use case.
Frequently Asked Questions
What is a URL shortener in simple terms?
It’s a tool that turns a long web address into a short one that redirects to the original. Share mnly.io/cafe instead of a 150-character link, and anyone who clicks lands on the full address automatically.
How do URL shorteners work?
The service stores your long URL in a database and assigns it a short code. When someone clicks the short link, the server looks up the original address and returns an HTTP redirect (usually a 301 or 302) that sends the visitor to the real destination.
Are URL shorteners safe?
They’re safe when you trust the source and the service, but they hide the destination, which attackers exploit — Cofense found that for one heavily abused shortener, 28% of campaigns delivered malware, with most other malicious links aiming at credential theft. Preview or expand a short link before clicking, be cautious with unsolicited links (especially on mobile), and as a creator, choose a service that scans destinations and offers protection like passwords.
Do URL shorteners hurt SEO?
No, not when the service uses a proper 301 permanent redirect — Google passes link equity through a reputable 301, and the old PageRank penalty no longer applies. Avoid 302-only services for links you want indexed, and avoid redirect chains.
What’s the difference between a 301 and a 302 redirect?
A 301 is permanent: browsers cache it and skip the shortener next time (fast, SEO-friendly, but click counts can undercount). A 302 is temporary: browsers re-ask the shortener each time, so it captures every click and lets you change the destination later — better for analytics and editability.
Do short links expire?
It depends on the service. Reputable shorteners keep links permanent, but if the company shuts down, every link breaks (link rot). Some tools also let you set intentional expiration or scheduling — Minily, for instance, supports link expiration and scheduled activation as a feature.
Is there a free URL shortener?
Yes — but free tiers vary a lot. As of June 2026, Bitly gives 5 links/month and 2 QR codes/month, with no historical analytics on the free tier, TinyURL offers ~100 links with no real analytics, Dub.co has no permanent free plan (a 14-day trial, then paid from $75/mo), and Minily gives 5 free links with real analytics, unlimited QR codes, and conditional redirects. Always check the current official pricing.
What is base62 encoding?
It’s the character system most shorteners use to build short codes: the 62 characters 0–9, a–z, and A–Z. Using 62 characters instead of 10 packs many more combinations into a few characters — just 7 base62 characters yield about 3.5 trillion possibilities.
Why does X (Twitter) say my link is 23 characters?
Because X automatically wraps every link through its own t.co shortener, so all URLs count as exactly 23 characters regardless of length. A third-party shortener saves no characters on X — though it still helps on SMS, print, email, and slides.
The bottom line
A URL shortener is a small, useful piece of plumbing: a database lookup plus an HTTP redirect that turns a long link into a short, shareable, often trackable one. Understanding the mechanics — base62 codes, the 301-vs-302 trade-off, the extra hop, link rot, and the real security and privacy stakes — lets you use one deliberately instead of blindly.
When you choose a tool, ignore the brand name and weigh what you actually need: how many links, how much analytics, whether you want QR codes, branded domains, an API, and how the service handles your visitors’ data. If you want to see how one approach handles the core mechanics — clean redirects, free analytics, and unlimited QR — you can explore Minily’s URL shortener and the honest free-versus-Pro breakdown on the pricing page. Whatever you pick, pick it knowing how it works.