Do I need a custom domain for link masking?

It works without one, but it is far stronger with a custom domain. With your own domain the address bar shows your brand instead of slsh.me for a full white-label experience, and you can let your own pages opt into being framed with a frame-ancestors 'self' your-domain.com policy. Link masking is part of the Big Slash plan.

Home/ Guides/ Link masking vs cloaking

Guide · Branded links

Link masking vs cloaking, and is it bad for SEO?

Q: Is link masking bad for SEO?

Done transparently, no. The SEO risk people warn about is deceptive crawler cloaking and naive masking that creates duplicate content or hijacks indexing. slsh.me masks legitimately: the masked frame is served noindex,nofollow with a canonical pointing to the destination, so there is no duplicate-content or index-hijack issue; destinations must be HTTPS to avoid mixed content; and a pre-flight check warns you if a site blocks embedding. It frames a page you own or are entitled to share — it is not a content-rewriting proxy and not deceptive crawler cloaking.

Link masking keeps your branded short URL in the address bar while the destination loads. People also call it link cloaking or URL masking. Here's what it actually does, how it differs from a plain redirect, when it's safe for SEO, and the sites where it won't work.

Updated June 15, 2026 · by slsh.me

The short answer

Link masking loads the destination inside a full-viewport frame, so the visitor sees that page while your branded short URL stays in the address bar.

"Link cloaking" and "URL masking" are the same thing as searchers use them. The one caveat: the word cloaking also has a second, SEO-specific meaning — showing search crawlers different content than people see — which Google penalises. Transparent masking (the kind covered here) marks the frame noindex,nofollow and canonicalises it to the destination, so it's a different thing entirely and is not penalised.

Want to try it? Link masking is part of the Big Slash plan — paste a URL, toggle "keep my link in the address bar," and save. Create your account to set it up.

What link masking actually does.

When someone opens a normal short link, their browser is redirected to the destination — and the moment the page loads, the address bar swaps to the destination's URL. Your short link has done its job and vanished.

Link masking changes that last step. Instead of redirecting, the short link serves a tiny page that loads the destination inside a full-viewport frame. The visitor sees the destination's content edge to edge, but the address bar keeps showing your short URL — go.yourbrand.com/spring — for the whole visit. That's the entire trick, and it's why it's also called URL masking or domain masking: your domain stays in front of someone else's page.

This is popular with affiliate marketers (a clean branded link instead of a long affiliate URL), creators (every link reads as theirs), and brand and marketing teams who want a single recognisable domain across every campaign.

Masking vs a redirect vs deceptive cloaking.

Three things get lumped together. They behave very differently — and only one of them is the kind Google penalises.

	Plain redirect	Transparent masking	Deceptive cloaking
What the visitor sees	The destination page.	The destination page, in a frame.	The destination page.
What the address bar shows	destination.com	your-short-link (stays)	destination.com
What crawlers get	Same as visitors (a redirect).	A noindex,nofollow frame, canonical to the destination.	Different content than visitors — on purpose.
SEO treatment	Fine	Fine — no duplicate content, no index hijack.	Penalised by Google.
Use it for	A short, shareable link.	Keeping your branded URL visible the whole visit.	Nothing — this is the abuse pattern to avoid.

The takeaway: "masking" and "deceptive cloaking" share a reputation but not a mechanism. slsh.me does the middle column — your link stays visible, crawlers get an honest noindex signal pointing at the real destination.

Is link masking bad for SEO?

Done transparently, no. The bad reputation comes from two real problems — neither of which applies to how slsh.me masks links:

Deceptive crawler cloaking means showing search engines one thing and humans another to game rankings. Google penalises it. Transparent masking shows everyone the same destination; it never feeds crawlers a different page.

Naive masking can create duplicate content or block indexing if the masked frame is left crawlable. slsh.me avoids that by design. Here's exactly how:

`noindex,nofollow` on the frame

The masking page that holds the frame is served noindex,nofollow, so search engines never index the wrapper — there's no duplicate of the destination competing in the results.

Canonical to the destination

The frame carries a canonical pointing at the real destination URL, so any signal flows to the page that should own it. No index hijack, no split authority.

HTTPS-only destinations

Masked destinations must be served over HTTPS. That avoids mixed-content warnings and the broken padlock that would otherwise undermine a branded link.

A pre-flight embeddability check

Before the link goes live, slsh.me checks whether the destination allows being framed. If it blocks embedding, you're warned up front instead of shipping a blank frame.

Your own (or shareable) content

It's an iframe of a page you own or are entitled to share — a branded wrapper around your own experience. It is not a content-rewriting proxy and not deceptive crawler cloaking.

When to mask, and when not to.

Masking shines when you want your brand in front of a page you control or are sharing. It breaks on sites that refuse to be framed.

Good fits

Branded campaign links where your domain should stay visible the whole visit.
Affiliate links — a clean branded URL instead of a long affiliate string.
Creators pointing to landing pages, shops or link-in-bio destinations.
Pages you own — they'll always frame, and you control the embed policy.

Won't work

Banks and payment pages — they block framing for security.
Google, YouTube and most large platforms set X-Frame-Options or a frame-ancestors CSP that refuses the frame.
Any destination that returns a blank or refused frame in the pre-flight check.

The escape hatch for your own pages: if a site you control blocks framing, you can let your masked links through by allowing your own domain in the embed policy — Content-Security-Policy: frame-ancestors 'self' your-domain.com. That keeps everyone else out while your branded short links still mask cleanly. It works best alongside a custom domain, which also puts your brand — not slsh.me — in the address bar.

Mask a link in three steps.

Paste your URL, toggle "keep my link in the address bar," and save — slsh.me runs the pre-flight check and tells you immediately if the destination can be framed. Pair it with a custom domain for a full white-label, or a custom social card so the link unfurls on brand too.

Link masking is part of the Big Slash plan — keep your branded short URL in the address bar, on your own domain, with the transparent noindex + canonical setup baked in.

See how link masking works

Or create a free account and shorten your first link in seconds.

Questions

What is link masking? +

Link masking is when a short URL loads the destination page inside a full-viewport frame, so the visitor sees the destination's content while your branded short URL stays in the browser's address bar. Unlike a redirect, the address bar never changes to the destination domain — the masked link is what stays visible and shareable.

Is link masking the same as link cloaking? +

To most searchers, yes — link masking, link cloaking and URL masking all describe keeping your own URL in the address bar while showing another page's content. The word cloaking also has a second, SEO-specific meaning — deceptively showing crawlers different content than people see — which Google penalises. Transparent masking, where the frame is noindex and canonicalised to the destination, is not that and is not penalised.

Is link masking bad for SEO? +

Done transparently, no. The risk people warn about is deceptive crawler cloaking and naive masking that creates duplicate content or hijacks indexing. slsh.me masks legitimately: the masked frame is served noindex,nofollow with a canonical pointing to the destination, destinations must be HTTPS, and a pre-flight check warns you if a site blocks embedding. It frames a page you own or are entitled to share — not a content-rewriting proxy and not deceptive crawler cloaking.

Does link masking work on every site? +

No. Many sites — banks, Google, YouTube and other large platforms — block being embedded in a frame using X-Frame-Options or a frame-ancestors CSP. A masked link to those sites shows a blank or refused frame. slsh.me runs a pre-flight check when you create the link and warns you up front so you can fall back to a normal redirect instead.

Link masking vs a redirect — what's the difference? +

A redirect sends the browser to the destination, so the address bar changes to the destination URL and your short link disappears once the page loads. Link masking loads the destination inside a frame instead, so the address bar keeps showing your branded short URL the whole time. Use a redirect for a plain short link; use masking when you want your branded URL to stay visible.

Do I need a custom domain? +

It works without one, but it's far stronger with a custom domain. With your own domain the address bar shows your brand instead of slsh.me for a full white-label, and you can let your own pages opt into framing with a frame-ancestors 'self' your-domain.com policy. Link masking is part of the Big Slash plan.

Keep your link in the address bar.

Shorten any URL with slsh.me, mask it on your own domain, and your branded link stays visible the whole visit — with the transparent noindex + canonical setup handled for you, plus live click analytics.

Create a link with slsh.me

How masking works · see pricing