Where does the redirection to HTTPS come from?

Hello! Why am I being redirected to https://surgeryzone.net when I go from Google to the http://surgeryzone.net?

I am not using any HTTPS redirects on my server, and I did not have this issue before connecting with Cloudflare.

SSL is disabled in the Cloudflare SSL settings.

There is no HTTPS redirect on that domain for me. Try from an incognito browser session.

It didn’t even open in incognito. I set the Flexible mode in the settings - it opens with HTTPS. I don’t understand anything.

Do not use Flexible. This will break your site. Either Full Strict or Off.

Do you have a reason not to use HTTPS?

1 Like

Yes, there are certain reasons why a website should work on HTTP. The Flexible mode can break the site due to what? It’s probably not good for search engines when the protocol is not clearly defined. But I don’t see any more downsides.

I am not saying you should not use HTTP. I was asking why not HTTPS.

But if you do not want to use HTTPS, then you should definitely not use Flexible, as that will actually apply HTTPS. However, an insecure legacy version, which typically breaks sites.

As mentioned, either use Off for HTTP or Full Strict for HTTPS. All the other modes are legacy modes with content issues.

2 Likes

Your site will be forcefully redirected to HTTPS on Chrome newest versions (and in all likelihood on other browsers as they follow Chrome’s lead). It so happens that Chrome has recently decided to force-redirect from HTTP to HTTPS every request for a domain that has a DNS resource record of the type HTTPS.

Cloudflare has been quietly issuing these records for every proxied domain that has Universal SSL enabled for the past almost 3 years, but only recently Chrome has enacted the forced redirect. You cannot see these records on the Dashboard, but you can see that they are in place for your domain by visiting https://www.nslookup.io/domains/example.com/dns-records/https/

In order for you to allow Chrome visitors to use HTTP on your domain, you’d need to set SSL to Off and disable Cloudflare’s Universal SSL.

The alternative would be to follow @sandro’s advice and adopt HTTPS for good and change your Cloudflare SSL mode to Full (Strict).

2 Likes

Thank you! It seems that disabling Cloudflare’s Universal SSL has resolved the issue.

2 Likes

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.