HTTPS & SSL
HTTPS is the baseline security requirement for every short link. Without it, browsers warn visitors, referrer data disappears and trust signals break.
Definition
HTTPS (HyperText Transfer Protocol Secure) is the encrypted version of HTTP. It uses SSL/TLS (Secure Sockets Layer / Transport Layer Security) to encrypt all data transmitted between a browser and a server — preventing interception, tampering and eavesdropping on the connection.
For URL shorteners, HTTPS matters at both the short link domain level and the destination URL level. A fully secure redirect chain — HTTPS short link redirecting to HTTPS destination — preserves referrer data, avoids browser security warnings and maintains visitor trust throughout the click-to-destination journey.
Why HTTPS Matters for Short Links Specifically
Trust and Browser Indicators
Modern browsers display a padlock icon for HTTPS URLs and show "Not secure" warnings for HTTP URLs. In email clients and social platforms that display link previews, an HTTP short link domain may trigger security warnings or be flagged by spam filters. All Cuttly short links on the cutt.ly domain use HTTPS by default — no additional configuration required.
Referrer Data Preservation
When a browser follows a link from an HTTPS page to an HTTP destination, it strips the Referer header for security reasons — the click arrives at the destination with no referrer data, appearing as direct traffic. This referrer stripping happens silently and causes significant attribution gaps in analytics. Short links on HTTPS avoid this problem when redirecting to HTTPS destinations — the full referrer chain is preserved.
HSTS Compatibility
Many modern websites and browsers use HSTS (HTTP Strict Transport Security), which instructs browsers to refuse HTTP connections to known HTTPS domains. An HTTP short link pointing to an HSTS-protected destination generates a browser error rather than completing the redirect. HTTPS short links avoid this compatibility failure entirely.
Email Deliverability
Email spam filters evaluate link security as part of their scoring. HTTP links in emails are a negative deliverability signal — they increase the probability of an email being classified as spam. HTTPS links on a branded custom domain are a positive trust signal that improves deliverability alongside other factors.
SSL Options for Custom Domains in Cuttly
When a custom domain is connected to Cuttly, you configure SSL from Edit account → SSL settings for the relevant domain. Three options are available:
| Option | How it works | Plan required |
|---|---|---|
| HTTP only | Short links on this custom domain use HTTP — no SSL certificate. Not recommended for production use. | All plans |
| Own SSL certificate (HTTPS) | You independently manage and install an SSL certificate for the domain — for example via Cloudflare or another SSL provider. Cuttly serves HTTPS once the certificate is active at the DNS/proxy level. | All plans |
| Let's Encrypt SSL | Cuttly automatically installs a Let's Encrypt certificate for your custom domain with one click and handles automatic renewal. No manual certificate management required. | Single plan ($25/mo) and above |
The Let's Encrypt option is the recommended approach for most users on an eligible plan — one click installs and maintains the certificate. Before enabling, review the Let's Encrypt rate limits at letsencrypt.org/docs/rate-limits.
Full setup guide: How to Set SSL and HTTPS for a Custom Domain.
The Full Redirect Chain: HTTPS Throughout
For maximum trust, performance and analytics accuracy, both the short link and the destination should use HTTPS:
Ideal chain:
https://go.brand.com/offer → 301 → https://yourdomain.com/landing-page
Problematic chain (referrer stripped):
https://go.brand.com/offer → 301 → http://yourdomain.com/landing-page
If the destination URL is HTTP, the referrer is stripped at the final hop — even though the short link itself is HTTPS. Ensure destination URLs use HTTPS, particularly for landing pages where traffic source attribution matters.
Related Terms
FAQ
Do short links need HTTPS?
Yes. HTTP short links trigger browser security warnings, cause referrer stripping on HTTPS-to-HTTP transitions and are flagged negatively by email spam filters. All Cuttly links on the cutt.ly domain use HTTPS by default. Custom branded domains can use HTTPS via external SSL or Let's Encrypt (Single plan+).
How does SSL work on custom branded domains in Cuttly?
Three options: (1) HTTP only — no SSL, not recommended; (2) External SSL — you manage the certificate yourself via Cloudflare or another provider; (3) Let's Encrypt — Cuttly installs and renews automatically with one click, available from the Single plan. Full guide: SSL Setup for Custom Domains.
URL Shortener
Cuttly simplifies link management by offering a user-friendly URL shortener that includes branded short links. Boost your brand’s growth with short, memorable, and engaging links, while seamlessly managing and tracking your links using Cuttly's versatile platform. Generate branded short links, create customizable QR codes, build link-in-bio pages, and run interactive surveys—all in one place.
Cuttly More Than Just a URL Shortener
Cuttly is a comprehensive, ever-evolving platform for link shortening that combines innovation and user-friendliness to deliver a seamless experience in managing and shortening URLs.
