A redirect is the mechanism by which a server, using a 3xx status code and a `Location` header, tells the client 'the requested resource lives at another URL, so re-request it there.'
It's used all over the web — URL moves, forcing HTTP→HTTPS, post-login navigation, short URLs.
Each code means something different: `301 Moved Permanently` is a permanent move (search engines transfer links/ranking to the new URL, browsers cache it), while `302 Found`/`307 Temporary Redirect` are temporary. There's a subtle but crucial difference — historically many clients turn POST into GET on 301/302, whereas `307` (temporary) and `308` (permanent) preserve the original method and body. So to safely redirect a POST, use 307/308 to avoid losing data or changing semantics. `303 See Other` is used in the PRG (Post/Redirect/Get) pattern to GET a result page after processing a POST.
Practical cautions: (1) the first plaintext hop of an HTTPS-forcing redirect is interceptable, so back it with HSTS; (2) redirect chains (multiple bounces) or infinite loops cause latency and errors, so minimize them; (3) putting unvalidated user input into `Location` creates an open-redirect vulnerability (abused for phishing), so restrict it with an allowlist; (4) static hosting (e.g. Cloudflare Pages) 308-redirects URLs like `/index.html` to clean URLs, and if a service worker caches that redirected response, navigation can break — so be careful with caching policy.