This only happened on my latest added domain, other old domains are good.
I have checkout setting, no differences, and I also tried to remove domain and add it again, no luck.
I have my Always Use HTTPS disabled.
Reproduce:
anything else I missed?
A 307 is most likely due to HSTS.
HSTS is disabled
What’s the hostname of that subdomain?
I just use random words, like a.xxx.com, test.xxx.com and use A record to my server
anyone helps
I tried looking at your xxx.com site and it was very shocking. Are you sure that’s the right hostname for your subdomain?
lol, sorry, I thought you just need a example. My domain is taxiang.app
UPDATE: After typing all the below, I see your domain is in the HSTS Preload list, but surprisingly doesn’t have the HSTS header. Your domain isn’t listed here, either:
https://searchfox.org/mozilla-central/source/security/manager/ssl/nsSTSPreloadList.inc
I don’t know what it would take to refresh that list, as removal from hstspreload.org is difficult.
This gets you a response header like this:
strict-transport-security: max-age=31536000; includeSubDomains; preload
And a site that’s listed at hstspreload.org will trigger a 307 redirect in Firefox immediately. Sites with just the header will trigger a reload after first visit because Firefox will remember that HSTS header.
I checked your domain, and it doesn’t have that header.
This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.