R
Redirect Tracer

How to Block Redirects in Chrome

How to block unwanted redirects in Chrome using built-in settings, Safe Browsing, pop-up blocker, and extensions like uBlock Origin. Includes when blocking redirects causes issues.

Chrome does a reasonable job of blocking malicious redirects on its own. But if you are still getting bounced to unwanted pages, the default settings may not be enough. This guide covers every method available to block redirects in Chrome, from built-in protections to third-party extensions, and explains when blocking redirects can actually cause problems.

For background on how redirects work at the protocol level, see the HTTP Redirect Guide. If you are dealing with redirects across multiple browsers, our guide on how to stop redirects covers Firefox, Edge, and Safari as well.

Why Chrome Redirects Happen

Before blocking redirects, it helps to understand where they come from. Not all redirects are malicious, and not all of them should be blocked.

Legitimate Redirects

Most redirects on the web are intentional. When a website moves a page, it sets up a redirect from the old URL to the new one. When you log in, the site redirects you from the login form to your dashboard. When you visit an HTTP URL, the site redirects you to the HTTPS version. These redirects are normal, expected, and necessary. Blocking them would break the web.

Malvertising Redirects

Ad networks occasionally serve ads containing JavaScript that redirects your browser to another page. You land on a legitimate news article, and a bad ad fires a script that sends you to a scam page selling fake antivirus software or a dubious product. The site you were visiting did not intend for this to happen. The ad network served a compromised creative.

Malicious Site Redirects

Some websites are built specifically to redirect visitors. They might use JavaScript, meta refresh tags, or even invisible iframes. These sites often appear in search results for trending topics and redirect you through a chain of tracking URLs before landing on a spam page.

Browser Hijackers

Malware or adware installed on your computer can modify Chrome's behavior to inject redirects. These hijackers may change your default search engine, homepage, or new tab page, and they can intercept URL requests to insert affiliate tracking redirects. If your redirects happen on every site you visit rather than on specific sites, a hijacker is likely the cause.

Open Redirects

Some legitimate websites have vulnerabilities called open redirects that allow attackers to craft URLs on a trusted domain that redirect to a malicious destination. These are particularly dangerous because the initial URL looks safe.

Method 1: Chrome's Built-in Pop-up and Redirect Blocker

Chrome has a built-in blocker that prevents most unwanted pop-ups and redirects. It is enabled by default, but it is worth verifying that it is still on and configured correctly.

Check Your Pop-up Settings

  1. Open Chrome and go to chrome://settings/content/popups
  2. Make sure "Don't allow sites to send pop-ups or use redirects" is selected
  3. Check the "Allowed to send pop-ups and use redirects" list for any sites you do not recognize and remove them

Chrome's pop-up blocker handles the most common redirect attacks: JavaScript-triggered navigations that open new tabs, window.open() calls from ad scripts, and pages that try to navigate you away without a user-initiated click.

How It Works Under the Hood

Chrome uses a combination of heuristics and the Safe Browsing API to identify abusive redirects. When a page tries to navigate the browser without a direct user action (like clicking a link), Chrome evaluates whether the navigation is likely unwanted. If it is, Chrome blocks the navigation and shows a small notification in the address bar.

This approach catches most drive-by redirects but is not perfect. Sophisticated redirect scripts can mimic user interactions or use timing tricks to bypass the detector. That is where additional protections come in.

Method 2: Enable Enhanced Safe Browsing

Chrome's Safe Browsing feature protects you from known malicious sites, including those that use aggressive redirect chains. The enhanced version offers stronger protection.

  1. Go to chrome://settings/security
  2. Select "Enhanced protection"

Standard protection checks URLs against a locally stored list of known bad sites, updated every 30 minutes. Enhanced protection sends URLs to Google in real time for checking, which catches new threats faster. It also warns you about potentially dangerous downloads and monitors whether your passwords have appeared in data breaches.

The tradeoff is privacy: enhanced protection sends URL data to Google. If that concerns you, standard protection still catches most malicious redirects, just with a slight delay when new threats emerge.

Method 3: Use Chrome Site Settings Per Site

If a specific site is repeatedly redirecting you, you can restrict its permissions individually.

  1. Navigate to the offending site
  2. Click the lock icon (or tune icon) in the address bar
  3. Click "Site settings"
  4. Set "Pop-ups and redirects" to "Block"
  5. You can also disable JavaScript entirely for that site, which prevents all script-based redirects

Disabling JavaScript is a heavy-handed approach. It will break most modern websites. But for sites you only visit occasionally and that consistently misbehave, it is effective.

Method 4: Install uBlock Origin

uBlock Origin is the most effective browser extension for blocking unwanted redirects and the advertising scripts that cause them. It is free, open source, and uses minimal system resources compared to other ad blockers.

Why uBlock Origin Works Better Than Chrome's Built-in Blocker

Chrome's built-in blocker only catches redirects that happen without user interaction. uBlock Origin goes further by blocking the ad scripts and tracking requests before they execute. If the malvertising script never loads, the redirect never fires.

uBlock Origin also blocks known redirect domains at the network level. Its filter lists include thousands of domains used in redirect chains, so even if a script manages to trigger a redirect, the request to the redirect domain gets blocked.

How to Install and Configure

  1. Go to the Chrome Web Store and search for "uBlock Origin"
  2. Click "Add to Chrome"
  3. The default configuration is effective out of the box for most users

For additional protection, you can enable extra filter lists:

  1. Click the uBlock Origin icon in the toolbar
  2. Click the gear icon to open the dashboard
  3. Go to the "Filter lists" tab
  4. Under "Malware domains," enable the lists you want
  5. Click "Apply changes"

The default filter lists block most advertising and known malicious domains. Adding malware-specific lists provides an extra layer of protection against redirect chains that go through newly registered or less well-known domains.

Other Extensions Worth Considering

Skip Redirect strips tracking redirects and sends you directly to the final destination URL. It is useful when you know a redirect is happening but want to bypass the intermediary steps.

NoScript blocks all JavaScript by default and lets you whitelist specific domains. This is extreme but effective for security-conscious users. It requires significant ongoing management because you need to manually allow scripts on every new site you visit.

HTTPS Everywhere (now largely redundant since Chrome enforces HTTPS by default) ensures you always connect over HTTPS, preventing some types of redirect injection on insecure connections.

Method 5: Clear Cached Redirects

Sometimes the redirect is not coming from a malicious source but from a cached redirect in your browser. If a site previously sent a 301 (permanent) redirect, Chrome caches that redirect and applies it automatically on future visits, even if the redirect has since been removed.

  1. Open chrome://settings/clearBrowsingData
  2. Select "Cached images and files"
  3. Optionally select "Cookies and other site data" (this will log you out of sites)
  4. Click "Clear data"

You can also clear the cache for a specific site by opening Developer Tools (F12), right-clicking the refresh button, and selecting "Empty Cache and Hard Reload."

For more on how cached redirects work and how long they persist, see How Long Do 301 Redirects Last.

Method 6: Check for Browser Hijackers

If none of the above methods stop the redirects, something may be installed on your system that is injecting them.

Signs of a Browser Hijacker

  • Your default search engine changed without your permission
  • Your homepage is different from what you set
  • New extensions appeared that you did not install
  • Redirects happen on every site, not just specific ones
  • You see ads injected into pages that normally do not have them

How to Remove a Hijacker

  1. Go to chrome://extensions and remove any extensions you do not recognize
  2. Reset Chrome to default settings: chrome://settings/reset and click "Restore settings to their original defaults"
  3. Run a malware scan with your antivirus software or Malwarebytes
  4. On Windows, check "Add or Remove Programs" for recently installed software you do not recognize
  5. On macOS, check your Applications folder and /Library/LaunchAgents/ for unfamiliar items

Resetting Chrome removes all extensions, clears temporary data, and resets your homepage, new tab page, and search engine. It does not delete your bookmarks, history, or saved passwords.

When Blocking Redirects Causes Problems

Blocking redirects aggressively can break legitimate website functionality. Here are the most common issues.

Login Flows Break

Many authentication systems use redirects extensively. OAuth, SAML, and other single sign-on protocols redirect you to an identity provider, then redirect you back to the original site with an authentication token. Blocking these redirects prevents you from logging in. If a site's login suddenly stops working after you tightened your redirect blocking, try whitelisting that site.

Payment Processing Fails

Payment gateways like Stripe, PayPal, and others redirect you to their domain for payment, then redirect you back to the merchant's confirmation page. Blocking redirects to or from payment processor domains will prevent you from completing purchases.

URL Shorteners Stop Working

Services like bit.ly, t.co (Twitter/X links), and other URL shorteners are redirect services by design. If you block all redirects from these domains, links shared on social media will not resolve to their destinations.

Affiliate and Tracking Links

Many links in emails, newsletters, and marketing materials go through tracking redirects. Blocking these redirects means the links will not work at all, even though the final destination is legitimate.

Test After Making Changes

After tightening your redirect blocking, test your most-used sites. Try logging in, making a purchase, and clicking links from email. If something breaks, whitelist that specific domain rather than loosening your overall settings.

A Practical Configuration

For most users, this combination provides strong protection without breaking legitimate sites:

  1. Keep Chrome's built-in pop-up blocker enabled (the default)
  2. Enable Enhanced Safe Browsing
  3. Install uBlock Origin with default filter lists
  4. Periodically review your installed extensions and remove anything unnecessary

This setup blocks the vast majority of malvertising redirects and malicious site redirects while allowing legitimate redirects for login, payment, and navigation to function normally.

If you are still experiencing unwanted redirects after this setup, the problem is likely a browser hijacker or system-level malware that requires removal rather than blocking.

Trace redirects to see the full chain

See every hop in a redirect chain, including status codes and destinations. Identify where unwanted redirects are coming from.

Try Redirect Tracer

Related Articles