Our site auditor can detect when HTTP is not redirecting to HTTPS. Sometimes when customers check this issue for themselves (by going to the HTTP version of the site), it looks like HTTP is redirecting to HTTPS without any issues. However, there can still be problems with this redirect.
This issue usually happens when a website uses HSTS technology. If a user has already visited the HTTPS version of the website, HSTS will force the browser to go to HTTPS each time they return. However, if a user has never visited the HTTPS version, then HSTS will not automatically redirect them if they arrive on the HTTP version of the site. This is why our site auditor still reports a problem.
How to verify "HTTP not redirecting to HTTPS" errors
Follow these instructions to check for a potential issue with HSTS.
- Open the HTTP version of the website (not the HTTPS version) in a browser that has never visited the website before (take care to not visit the HTTPS version first, or this will not work). You should notice that you are not redirected to HTTPS.
- Next, visit the HTTPS version of the site.
- Then, try to visit the HTTP version again, and you should see it now redirects correctly to HTTPS.
This is because HSTS will automatically redirect you to HTTPS after you visited HTTPS for the first time. However, as you've just seen, it did not redirect you during step 1 of the instructions above.
If our auditor is still reporting this issue and you've confirmed the website is correctly redirecting to HTTPS, reach out to our customer support team for assistance.