Safelink Decoder

Safe links are a security feature used by email providers and security platforms to scan URLs before users click them. When a link is wrapped by Google, Outlook/Defender, Proofpoint, or Facebook, it becomes a long encoded string that redirects through their security servers. Our Safelink Decoder analyzes this wrapped URL, decodes the embedded parameters, and extracts the original destination URL.

The tool supports multiple layers of nesting, meaning if a safe link is wrapped multiple times (common in organizations with multiple security layers), the decoder will progressively unwrap each layer until the real URL is revealed. The entire process happens client-side in your browser, ensuring your URLs remain private and no data is sent to external servers.

Simply paste your wrapped safe link into the decoder, and it automatically detects which platform created the wrapper (Google, Outlook, Proofpoint v2, Proofpoint v3, or Facebook) and applies the correct decoding method to extract the genuine destination URL.

• Email Security Analysis: Check the real destination of URLs in emails that passed through corporate email security systems
• Phishing Investigation: Verify whether a suspicious wrapped link actually leads to a legitimate or malicious domain
• URL Verification: Quickly reveal the true URL without clicking through multiple redirects
• IT Troubleshooting: Help employees understand where wrapped links in their inbox actually point to
• Security Research: Decode URLs from captured emails or logs for threat analysis and documentation