Mobile app version of vmapp.org
Login or Join
Merenda212

: How to tell if a website is using rewrite or redirect? If I go to google.com in my browser, it automatically loads the https site. When I do curl http://www.google.com, if it were doing a

@Merenda212

Posted in: #Http #Networking

If I go to google.com in my browser, it automatically loads the https site.

When I do curl www.google.com, if it were doing a redirect, then I'd expect to see a 301 message. But instead, it appears to show the code for the page.

Does this mean then that it is doing a rewrite to https instead of a redirect?

10.02% popularity Vote Up Vote Down


Login to follow query

More posts by @Merenda212

2 Comments

Sorted by latest first Latest Oldest Best

 

@Odierno851

Your options are limited because you are relying on the server operator to send the correct HTTP status codes and this is not guaranteed to happen. Many websites will return a 200 OK response with their custom 404 Not Found page, for example, and this is just wrong.

The simplest way to test is to use curl's -I option which returns the header only. curl -I www.example.com will display a much shorter response beginning with the HTTP status code. If the server operator has correctly configured things, you will see if a 3XX Redirect response is returned.

Varon's answer here describes why this is happening for Google's website which is what you used as an example in your question. My answer here is a more general response that you can attempt to use for any site, but again you are relying on the server giving the correct response which you just can't depend on.

10% popularity Vote Up Vote Down


 

@Gloria169

This is calling Strict Transport Security or better known as HSTS

Google and so on are hardcoded with a HTTPS-response to a HTTP-request. If you open in the Chrome-Browser: chrome://net-internals/#hsts you get the hint:


HSTS is HTTPS Strict Transport Security: a way for sites to elect to always use HTTPS


with a link to www.chromium.org/hsts
In section Preloaded HSTS sites is a full list with all the sites that are delivered in https-only. (The chromium-sourcecode for this is code.google.com/p/chromium/codesearch#chromium/src/net/http/transport_security_state_static.json )

Additional you can read about HSTS in Wikipedia: en.wikipedia.org/wiki/HTTP_Strict_Transport_Security
So the things you can do is a normal 301 Moved Permanently Redirect
or (theoretically to complete the options) if you have good arguments, you can try to bring your https redirect in the codebase of all browsers.

10% popularity Vote Up Vote Down


Back to top | Use Dark Theme