: How to tell if a website is using rewrite or redirect? If I go to google.com in my browser, it automatically loads the https site. When I do curl http://www.google.com, if it were doing a

@Odierno851

Your options are limited because you are relying on the server operator to send the correct HTTP status codes and this is not guaranteed to happen. Many websites will return a 200 OK response with their custom 404 Not Found page, for example, and this is just wrong.

The simplest way to test is to use curl's -I option which returns the header only. curl -I www.example.com will display a much shorter response beginning with the HTTP status code. If the server operator has correctly configured things, you will see if a 3XX Redirect response is returned.

Varon's answer here describes why this is happening for Google's website which is what you used as an example in your question. My answer here is a more general response that you can attempt to use for any site, but again you are relying on the server giving the correct response which you just can't depend on.

Vote Up Vote Down

@Gloria169

This is calling Strict Transport Security or better known as HSTS

Google and so on are hardcoded with a HTTPS-response to a HTTP-request. If you open in the Chrome-Browser: chrome://net-internals/#hsts you get the hint:


HSTS is HTTPS Strict Transport Security: a way for sites to elect to always use HTTPS


with a link to www.chromium.org/hsts
In section Preloaded HSTS sites is a full list with all the sites that are delivered in https-only. (The chromium-sourcecode for this is code.google.com/p/chromium/codesearch#chromium/src/net/http/transport_security_state_static.json )

Additional you can read about HSTS in Wikipedia: en.wikipedia.org/wiki/HTTP_Strict_Transport_Security
So the things you can do is a normal 301 Moved Permanently Redirect
or (theoretically to complete the options) if you have good arguments, you can try to bring your https redirect in the codebase of all browsers.

Vote Up Vote Down