If a webpage contains a HTTP redirect, the wrong URL is shown in the address bar in the end. You can try it with e.g. https://tinyurl.com/161 which redirects to http://www.google.com/ . During loading the forwarded URL is displayed. Afterwards the title bar will show page title | original URL. The address bar does also contain the original instead of the actual URL.
The title bar showing the URL is also vulnerable to address spoofing with enabled JavaScript. In my tests the address could be spoofed with example three, four, five and seven. Examples were taken from here: https://ios.browsr-tests.com/alt/native.abs.php
If a webpage contains a HTTP redirect, the wrong URL is shown in the address bar in the end. You can try it with e.g. https://tinyurl.com/161 which redirects to http://www.google.com/ . During loading the forwarded URL is displayed. Afterwards the title bar will show page title | original URL. The address bar does also contain the original instead of the actual URL.
The title bar showing the URL is also vulnerable to address spoofing with enabled JavaScript. In my tests the address could be spoofed with example three, four, five and seven. Examples were taken from here: https://ios.browsr-tests.com/alt/native.abs.php