Link Expiration

Link expiration is a setting that deactivates a URL after a defined condition: a specific date, a maximum click count, or a single use. Once the condition is met, the link stops resolving to its destination and usually shows an expired-link page, a fallback URL, or a 410 Gone HTTP status. Marketers use it for time-limited offers, and product teams use it to secure password resets, magic login links, and file shares.
How Link Expiration Works
Link expiration is enforced by the redirect service that sits between the short URL and the destination. The exchange runs through three checkpoints before the destination loads.
- A visitor opens the cloaked URL, for example yourbrand.co/blackfriday.
- The redirect service checks the expiration rules attached to that link: current date, total clicks, or use count.
- If the rules pass, the server returns a 301 or 302 to the destination. If they fail, it returns a fallback page or a 410 Gone.
In raw HTTP, an expired link response looks like this:
HTTP/1.1 410 Gone
Content-Type: text/html
This link has expired
The destination URL itself is unchanged. Expiration only blocks the redirect; the original page keeps working when accessed directly.
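The check described above can be sketched as a single decision function. This is an added example, not code from any particular link management tool; the Link schema, field names, and example.com URLs are assumptions made for illustration.

```python
import threading
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
from typing import Optional


@dataclass
class Link:
    """One short link and its expiration rules (hypothetical schema)."""
    destination: str
    expires_at: Optional[datetime] = None  # timezone-aware cutoff
    max_clicks: Optional[int] = None       # 1 means one-time use
    fallback_url: Optional[str] = None     # shown instead of a bare 410
    clicks: int = 0
    lock: threading.Lock = field(default_factory=threading.Lock,
                                 repr=False, compare=False)


def resolve(link: Link, now: Optional[datetime] = None):
    """Return (status, headers, body) for one request to the short URL."""
    now = now or datetime.now(timezone.utc)  # server clock, in UTC
    # no-store keeps browsers and CDNs from replaying an old redirect.
    headers = {"Cache-Control": "no-store"}
    with link.lock:  # test and count in one step so a cap cannot be raced
        expired = (
            (link.expires_at is not None and now >= link.expires_at)
            or (link.max_clicks is not None and link.clicks >= link.max_clicks)
        )
        if not expired:
            link.clicks += 1
    if not expired:
        # 302 rather than 301: a 301 is cacheable by default.
        headers["Location"] = link.destination
        return 302, headers, ""
    if link.fallback_url:
        headers["Location"] = link.fallback_url
        return 302, headers, ""
    headers["Content-Type"] = "text/html"
    return 410, headers, "This link has expired"


if __name__ == "__main__":
    pst = timezone(timedelta(hours=-8))  # fixed offset, constructed sample
    promo = Link("https://example.com/offer", max_clicks=2,
                 expires_at=datetime(2026, 11, 30, 23, 59, tzinfo=pst))
    noon = datetime(2026, 11, 30, 12, 0, tzinfo=timezone.utc)
    print([resolve(promo, now=noon)[0] for _ in range(3)])  # [302, 302, 410]
```

Storing the cutoff as a timezone-aware value and comparing it against a UTC server clock means a 23:59 PST deadline is still honoured after midnight UTC.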
Types of Link Expiration
Expiration rules fall into four common patterns. Most link management tools let you combine two of them on the same link.
- Date-based expiration. The link stops working at a specific date and time. Common for Black Friday promos, webinar registrations, and seasonal campaigns.
- Click-based expiration. The link stops after a set number of clicks (for example, the first 100 visitors). Common for limited-quantity offers and beta access.
- One-time use. The link expires after a single successful click. Standard for password reset emails and magic login links.
- Session-based expiration. The link is valid only within an authenticated session. Common for in-app file downloads and signed URLs.
A 2024 OWASP recommendation sets password reset link expiration at 60 minutes or less. AWS S3 presigned URLs allow a maximum lifetime of 7 days for IAM-signed URLs and 12 hours for STS-signed URLs.
Why Link Expiration Matters
Link expiration matters because URLs leak. A campaign URL that worked for one promo will keep working months later if shared in screenshots, forwarded emails, or scraped pages.
- Marketing. Expiring offers create urgency. A “first 100 buyers” link that stops at click 100 enforces the promise. A “Black Friday only” link that expires Monday morning prevents the offer from re-appearing in next year’s search results.
- Security. A password reset link that does not expire is a permanent backdoor. A one-hour expiration window limits the impact of a stolen email.
- Compliance. GDPR and HIPAA require that sensitive resources are not accessible indefinitely. Expiring share links for medical records, financial documents, and personal data reduce the audit footprint.
- Cost control. A click-capped link prevents runaway costs on metered APIs, paid content downloads, or affiliate offers with budget limits.
See linkutm’s guide to expiring links for seven specific campaign use cases with examples.
How to Set Link Expiration
Most link management tools follow the same five-step pattern. The wording differs across platforms but the inputs are standard.
- Open the link in your link management dashboard.
- Find the expiration or advanced settings panel.
- Choose the expiration type: date, click count, or one-time use.
- Enter the limit value (for example, 2026-11-30 23:59 PST or 100 clicks).
- Set a fallback URL or message for expired requests.
Date-based expiration uses the user’s time zone unless you specify otherwise. Always set the expiration in the time zone of your campaign’s primary audience.
linkutm’s link protection feature includes expiration controls for date and click-count rules with a fallback URL field.
Common Link Expiration Issues
Most expiration problems trace back to four recurring mistakes.
- Time zone mismatch. The link expires at midnight UTC when the marketing team expected midnight PST. Result: 8 lost hours on the offer.
- No fallback URL. Visitors hit a generic 410 page instead of an explanation. Result: support tickets and lost trust.
- Caching. The visitor’s browser or a CDN caches the redirect before it expires. Result: the link keeps working past the cutoff. Use Cache-Control: no-store on the redirect response.
- Clock drift. The link is enforced against the server’s clock, not the visitor’s. A misconfigured NTP daemon can let an expired link keep redirecting for hours.
For sensitive links (password resets, file shares), set the fallback URL to a page that explains how to request a new link.
Frequently Asked Questions
What does link expiration mean?
Link expiration means a URL is set to stop working after a defined condition. The condition is usually a specific date, a maximum number of clicks, or a one-time use. After the condition is met, the link no longer redirects to its destination, even though the destination itself is still online.
What is the difference between a temporary link and an expiring link?
The two terms are used interchangeably in most link management tools. Both describe a URL that stops working after a defined trigger. Some platforms reserve “temporary link” for one-time use cases (such as magic login links) and “expiring link” for date or click-based rules, but the underlying mechanism is the same.
How long should a password reset link last?
OWASP recommends that password reset links expire within 60 minutes of being issued. Many SaaS products use 15 to 30 minutes for high-sensitivity accounts and 60 minutes for general use. Beyond an hour, the link is no longer considered safe for security workflows.
Can an expired link be reactivated?
It depends on the platform. Most link management tools let you edit the expiration date or click limit and reactivate the link without changing the URL. Some security-focused systems (password reset tokens, signed AWS URLs) require generating a new link instead.
Does link expiration affect SEO?
Yes, in two ways. Search engines that have indexed the expired URL will eventually drop it from results when the link returns a 410 Gone status. To preserve SEO value when retiring a campaign URL, use a 301 redirect to a relevant page instead of a hard expiration.
To set date-based or click-based expiration on your campaign URLs, use linkutm’s link protection feature.