HTTP Request not working
When I try to reach my website via http, I am immediately redirected to https. Why?
I turned off the option "https rewrites" and "Always https"!
24 Replies
Does this work from another browser/in Incognito? Your browser may sometimes cache the redirect.
No it doesn't work
A lot of web servers these days just do the redirect by default, it could be your origin doing it. If you see the CF-Cache-Status header on it, it's from your origin and not Cloudflare
Does it work with another domain on the same server? Then it must be my domain.
Another thing worth noting is if you have HTTP Strict Transport Security (HSTS) configured on your site. If you opted to have your site preloaded, or your site is on a top level domain that is preloaded by default (most of google's, like .dev), all browsers will "Redirect" to https
Can you share your website, or at least the top level domain it uses?
How i can find HSTS in my dashboard
i dont find it xD
The cloudflare part of it, you can find under SSL/TLS -> Edge Certificates
but that won't matter if you are using a domain extension/top level domain that is preloaded by default
What is your website url, or at least the top level domain it uses?
My domain is translify.app
this is my hsts settings
.app is a Google Domain which is preloaded by default
within all browsers is a "list" of preloaded domains, that they automatically redirect to https for, the entirety of the .app top level domain, that is, every .app domain, will always redirect to https and refuse to use http
it may be worth keeping in mind this is a browser thing, if you try via curl or a rest client, most don't respect that list, but browsers will
Ok, now that's a little problem.
If you're just trying to use http for your own testing purposes, in Chrome you can bypass the HSTS screen by typing "thisisunsafe" (there's no prompt or anything, you just type it blindly)
but yea it's really not designed to be avoided/skipped, effectively all .app domains are https only. If you need http for some purpose, you'd probably just want to acquire a domain that isn't hsts preloaded (like com, org, net)
Actually I don't need http but if I try to run my application on a port other than 443 then this error comes up.. and I hoped to bypass that with http
wait i send in english sorry
so thats all informations xd
you need to serve a valid certificate, trusted by browsers. You can get free ones via Let's Encrypt, automated issuance via Certbot.
If you are just trying to test things, you can type "thisisunsafe" on that screen.
That's a Cloudflare origin cert, those are only trusted by Cloudflare proxy, when the DNS Record is proxied. However, cloudflare doesn't support port 500, you'd have to use one of their supported ports if you wanted to go that direction: https://developers.cloudflare.com/fundamentals/get-started/reference/network-ports/
okay i test it.....
https://test.translify.app:2053/ping can u check maybe its work? (Cache)
ahh i checked with my handy it works
thank you soo much, since 15 hours i try to fix this error
yea, works for me
no problem 
I haven't read anywhere that there are these extra ports
thank you of the Month 
of the Month