zed

Reputation: 3277

Why does 301 to HTTPS redirect show for my website, but for Facebook it doesn't

If I open my FF developer tools, and look at the network tab, then enter http://mywebsite.com, there would be a 301 moved permanently to the https website as the first network request. If you do that to http://facebook.com, then the first request would be 200 with a request URL of https://facebook.com.

However, if you run a curl -I on both websites, the same result of 301 moved permanently would show. How do they do that?

I am using nginx that redirects to HTTPS behind Amazon ELB.

Upvotes: 1

Views: 132

Answers (1)

regilero

Reputation: 30526

I think this is an effect of HSTS: HTTP Strict Transport Security

On the Facebook response headers you have this:

Strict-Transport-Security: max-age=15552000; preload

This tells your browser to memorize this HTTP to HTTPS redirection for this domain for a big amount of time, without trying a real HTTP connection to get the 301.

And if you think that having something in your browser which is stored in memory and affects the way the first requests are made on some already visited domains, even after a browser close, could have some privacy impact, well... you would be right.

Upvotes: 1
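To make the behaviour in the answer concrete, here is a small model of the HSTS cache a browser keeps (added example, not code from the question or the answer). It parses a Strict-Transport-Security header, remembers the host only when the header arrived over HTTPS, and rewrites later http:// URLs to https:// locally, which is why the network tab shows a 200 for https://facebook.com instead of a 301. The header value is the Facebook one quoted above; the clock is passed in explicitly so expiry can be checked.

```python
import re
from urllib.parse import urlsplit, urlunsplit

# Constructed sample: the Facebook header value quoted in the answer above.
FACEBOOK_STS = "max-age=15552000; preload"


def parse_hsts(header):
    """Return (max_age, include_subdomains) or None if the header is not valid."""
    max_age, include_subdomains = None, False
    for directive in header.split(";"):
        name, _, value = directive.strip().partition("=")
        name, value = name.strip().lower(), value.strip().strip('"')
        if name == "max-age":
            if not re.fullmatch(r"\d+", value):
                return None  # RFC 6797 requires a non-negative integer
            max_age = int(value)
        elif name == "includesubdomains":
            include_subdomains = True
        # "preload" only matters for the browser vendors' preload lists
    return None if max_age is None else (max_age, include_subdomains)


class HstsCache:
    """Toy model of the per-host HSTS state a browser keeps across restarts."""

    def __init__(self):
        self._known = {}  # host -> (expires_at, include_subdomains)

    def observe(self, scheme, host, header, now):
        """Record an STS header; browsers only honour it on HTTPS responses."""
        parsed = parse_hsts(header) if scheme == "https" else None
        if parsed is None:
            return
        max_age, include_subdomains = parsed
        if max_age == 0:
            self._known.pop(host, None)  # max-age=0 asks the browser to forget the host
        else:
            self._known[host] = (now + max_age, include_subdomains)

    def rewrite(self, url, now):
        """URL the browser will actually fetch: https:// for a remembered host."""
        parts = urlsplit(url)
        labels = (parts.hostname or "").split(".")
        for i in range(len(labels)):  # exact host first, then parent domains
            entry = self._known.get(".".join(labels[i:]))
            if parts.scheme == "http" and entry and now < entry[0] and (i == 0 or entry[1]):
                return urlunsplit(("https", parts.netloc, parts.path, parts.query, parts.fragment))
        return url
```

Run `curl -I` against a host in this state and you still see the 301, because curl keeps no HSTS cache; only the browser skips the plain-HTTP request.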
