Learn how to use link cloaking in CodeQR to mask destination URLs with short links.
CodeQR Team
콘텐츠 팀
This feature is available only for Pro plans and above.
With CodeQR, you can mask your destination URL using your short link.
To enable link cloaking, click to activate Add Link Cloaking in the link builder.
This is useful when you want to display your brand or custom domain instead of the actual destination URL.
When enabled, your short link will be shown in your users’ browser address bar when they visit your link, instead of the destination URL.
How Link Cloaking Works
Link cloaking works by embedding the destination page in an iframe inside a page hosted on your short domain. This means:
Advantages of Link Cloaking
Consistent branding: Users always see your domain in the address bar
Protection of the real URL: The destination URL is hidden from users
Unified experience: Maintains your brand’s visual identity
Enhanced analytics: Improved tracking of user behavior
When to Use Link Cloaking
Marketing campaigns: To keep brand consistency
Affiliate links: To hide long affiliate URLs
URL protection
: To prevent direct access to resources
Professional branding: To present a more professional image
Limitations of Link Cloaking
Some important limitations of the link cloaking feature:
1. HTTPS Requirement
For link cloaking to work, make sure to use https for your destination URL. If your destination URL is http, the browser will display a “Not Secure” warning, and link cloaking will not work.
2. Security Restrictions
Link cloaking may not work with certain sites that have security measures in place to prevent this:
X-Frame-Options header set to DENY
content-security-policy header set to frame-ancestors 'none'
Restrictive referrer policies
JavaScript detecting iframes and redirecting
3. Functionality Limitations
Popups: May not work properly
Downloads: Some downloads may be blocked
Authentication: Logins might experience issues
Third-party cookies: May be blocked by the browser
Link Cloaking with Security Headers
If you control the destination URL you are masking, you can use security headers to enable link cloaking in CodeQR while also disabling iframe embedding elsewhere.
Adding security headers to your destination URL
To do this, you need to include your CodeQR short domain as an allowed source on your site by adding the following response headers to your website:
You can set up link cloaking to work only under certain conditions:
// Exemplo para habilitar cloaking apenas para referrers específicos
if (document.referrer.includes('seudominio.com')) {
// Permitir iframe
res.setHeader('X-Frame-Options', 'SAMEORIGIN')
} else {
// Bloquear iframe
res.setHeader('X-Frame-Options', 'DENY')
}
Iframe detection
For sites that need to detect when they are displayed in an iframe:
// Verificar se a página está em um iframe
if (window !== window.top) {
// Página está em iframe (provavelmente via link cloaking)
console.log('Página exibida via link cloaking')
} else {
// Página acessada diretamente
console.log('Acesso direto à página')
}
Best Practices
1. Always test
Different browsers: Chrome, Firefox, Safari, Edge
Mobile devices: iOS and Android
Specific functionalities: Forms, downloads, authentication
2. Monitor performance
Load times: Iframes can be slower
Bounce rate: Monitor for any negative impact
Conversions: Check if cloaking affects conversions
3. Communicate to users
Transparency: Inform users about redirection when appropriate
Support: Provide direct links as alternatives
Documentation: Keep clear instructions for your team
4. Security
HTTPS required: Always use secure connections
Domain validation: Keep the allowed domains list updated
