HTTPS & HSTS: 301, 302, or 307?
Originally shared by John Mueller
HTTPS & HSTS: 301, 302, or 307? If the combination of these letters & numbers mean anything to you, you might be curious to know why Chrome shows you a 307 redirect for HSTS pages.
In the end, it's pretty easy. After seeing the HTTPS URL with the HSTS header (for example, with any redirect from the HTTP version), Chrome will act like it's seeing a 307 redirect the next time you try to access the HTTP page. Your server's not returning a 307, Chrome is just showing it to you as such to explain that it's doing the redirect for you. You can confirm that by looking at the size of the response -- 0 bytes for the 307 "redirect." In other words, the 307 isn't actually a redirect at all, it's just a placeholder.
This is not the redirect you're looking for.
HTTPS & HSTS: 301, 302, or 307? If the combination of these letters & numbers mean anything to you, you might be curious to know why Chrome shows you a 307 redirect for HSTS pages.
In the end, it's pretty easy. After seeing the HTTPS URL with the HSTS header (for example, with any redirect from the HTTP version), Chrome will act like it's seeing a 307 redirect the next time you try to access the HTTP page. Your server's not returning a 307, Chrome is just showing it to you as such to explain that it's doing the redirect for you. You can confirm that by looking at the size of the response -- 0 bytes for the 307 "redirect." In other words, the 307 isn't actually a redirect at all, it's just a placeholder.
This is not the redirect you're looking for.
Comments
Post a Comment