On Wed, 13 Nov 2019, Janne Blomqvist wrote: > For me, when I use my normal web browser (firefox), it does redirect > to https. But I'm using the "HTTPS everywhere" extension, so I'm not > sure if it's the extension that does it, or if the server redirects > me, or if it's some other web-security-thingy that does it. When I use > curl, and if I manage to interpret the output correctly, it does not > redirect.
If you connect once with https, you get back a header Strict-Transport-Security: max-age=16070400 meaning that if you ever try to connect with http with the same browser (within 186 days), it will remap http to https and connect over https instead (and so refresh its memory of which it last saw the HSTS header). -- Joseph S. Myers jos...@codesourcery.com
