301 error and 200?

I did a couple crawls on my website and it was fine last week but now I'm getting a 301. It's showing that it's coming from an http instead of https.

That’s for HTTPS - 301 isn’t an error, it’s a redirect. This makes it so anyone visiting your website on http (the default) instead goes to the secure HTTPS version. This adds only 1-10 milliseconds of page load time so you shouldn’t worry about this.

2 Likes

If you add HSTS, your visitors’ browser will redirect them to https automatically even if they typed ‘http’, saving the first request. This will only happen after they visit the https version for the first time.

If you also enable HSTS preloading (both adding the header with include-subdomains, preload and maximum TTL in CF SSL/TLS settings, and then registering your site at hstspreload.org), then, once your preload record gets to all browsers, even a first-time visit to your site will go directly to https. This has both the advantage of performance and the lack of ability to MITM attack you with techniques like sslstrip.

The disadvantage of HSTS is of course that if you decide to stop using HTTPS, it could take time until you get all users to forget it, and until they do, you can’t stop using https or you’ll be attacking yourself with a denial of service. HSTS preloading is “worse” - you’ll have to wait until all browsers remove your HSTS preloading record at your request, and then all people upgrading to a new browser version that does not include your site on their list. This could take between months and years. This applies domain wide (all current and future sub-domains), so consider carefully before enabling this feature.

2 Likes

What I don't get is how did http come up this week and not last week when I ran the check?

Are you sure last time you also explicitly typed http:// in the beginning of the URL? Perhaps previously your browser automatically completed the https:// URL from history?

1 Like

So because I typed http it created that redirect itself?

There is a redirect from http to https. That redirect (“Location:” header in HTTP response) may originate in Cloudflare configuration or from your server if accessed over HTTP.

If there’s a redirect, and you’re typing http:// - it does what’s expected from it…
