Access controls help decide who can open a link and what they should see before redirecting. A public link redirects with minimal friction. A protected link can require a password, an email one-time code, a specific referrer, a preview page, a warning page, a start date, an expiration date, or a click limit. These controls can be combined when the destination needs more care.
Password access is useful for simple private sharing. Email one-time codes are better when access should be tied to specific recipients. Referrer restrictions are useful when a link should work only from a partner site or private portal. Preview pages give transparency by showing the destination before leaving clk.ms. Warning pages are appropriate when the destination is sensitive or should require a conscious confirmation.
Example: a private client report can require an email code and expire after a week. A partner promotion can allow only visits from partner.example.com. A potentially sensitive research link can show a warning page before redirecting.
Best practice: match the control to the risk. Do not add every restriction by default. For private documents, use email codes or passwords; for public campaigns, prefer preview or warning only when they protect trust without hurting conversion unnecessarily.