Whenever a scan with an redirection is made, the app compares the scanned URL against this mask. So you can ensure that an URL never leaves the permitted zone and nobody can redirect you to unwanted sites.
Examples for the masking field:
"": If there no mask set, everything is permitted
"https://" only accepts https sites
"https://www.google.com/something" would only redirect to the ssl version of "www.google.com/something"
and so on ...
To make it complete perfekt, it should accept regex. But maybe in the next step. I think this would increase safety significant.
What do you think about this Feature ?
(Example attached)