Firefox redirects to https

142
votes

I'm using Firefox, and while setting up a server, I have been fiddling around with redirects. Now, Firefox has cached a 301 redirect from http://example.com/ to https://example.com/ and from http://sub.example.com/ to https://sub.example.com/.

I've tried the following things:

  1. History -> Show all history -> Forget about this site.
  2. Checked that no bookmark with https://example.com/ is present.
  3. Changing browser.urlbar.autoFill to false in about:config.
  4. Changing browser.cache.check_doc_frequency from 3 to 1.
  5. Options -> Advanced -> Network -> Chached Web Content -> Clear now.

None of the above works, so I checked the redirect with Wheregoes.com and it doesn't show any redirect from http to https. I've even changed the DNS to point to another IP served by a server, where I've never set up redirection - the redirection is still in effect.

I've also tried in Private Browsing in Firefox, and there is no redirect there. I've tried in Google Chrome, and there is also no redirect here.

I've also tried to make a redirect from https to http which worked in Google Chrome, and yielded a redirection error in Firefox.

My version of Firefox is 38.0.1, and I'm using Windows 8.1. I use the following addons: AddBlock, Avast! and LastPass. Avast! may not be the issue, as I've disabled it while testing.

Does anybody have suggestions on what I can do about it? Thanks in advance for any help!

13
firefoxredirect
The URL's in the top should not contain spaces between http:// and example.com etc., but I could only include two links with 1 reputation.talouv
I faced the same issue last few days in my local development but I founded some reference bellow Chrome & Firefox now force .dev domains to HTTPS via preloaded HSTS Please read this info. - ma.ttias.be/chrome-force-dev-domains-https-via-preloaded-hsts - medium.engineering/use-a-dev-domain-not-anymore-95219778e6fd For the future development I would suggest you should use .local or .localhost to avoid this issue happen again :)Sophy
This works in Chrome: stackoverflow.com/a/28586593/1069083rubo77
This worked for me stackoverflow.com/a/65325368/10944219kmgt
I'll add here a note that might be useful to someone: my simpler scenario is I was testing an EC2 instance with httpd on it configured for port 80. http://1.2.3.4/ kept being "converted" to https://1.2.3.4. The problema was tha thte httpd server was not responding due to misconfiguration, so Firefox was automatically trying the https protocol Once I fixed httpd, Firefox stopped "converting".Marcello Romani

13 Answers

231
votes

"Sites preferences" are the culprit. Wasted 45min of my life finding how to fix it despite all the kb/support.mozilla tricks which does not solve your issue nor did mine. I don't know what triggers this issue, but several of my websites started to go pear-shaped in a few weeks only affecting me and only firefox.

That's the solution you are all looking for:

  1. Go to Preferences
  2. Privacy
  3. Click 'Clear your history' (nothing will happen yet, click safely)
  4. Once the pop-up appears, click Details.
  5. Untick everything except 'Sites Preferences'
  6. Select 'Everything' in the select box at the top
  7. Click Ok
  8. Try now

Firefox capture

PS: What I did try that did not worked for me are:

  • urlbar.autofill false
  • Forget Website trick
  • Safe mode
  • We all know it is not an HSTS issue when a website you own and you accessed before never got https support but now FF wants you to use https... It is just a firefox bug IMO.
97
votes

The solution that worked for me:

  1. Go to about:config
  2. Look for network.stricttransportsecurity.preloadlist and set it to "false"
  3. Enjoy

If the above STILL DOES NOT WORK, try setting browser.fixup.fallback-to-https to "False" from about:config

38
votes

I had the same problem but the answer was that I used a .dev extension to access my local websites !

I cleared all historic data in FF and nothing changed.

Searching for another solution, I found this page https://ma.ttias.be/chrome-force-dev-domains-https-via-preloaded-hsts/

With .dev being an official gTLD, we're most likely better of changing our preferred local development suffix from .dev to something else. If you're looking for a quick "search and replace" alternative for existing setups, consider the .test gTLD, which is a reserved name by IETF for testing (or development) purposes.

I changed my local website extensions from .dev to .test and all work perfectly !

12
votes

Check your extensions!

In my case, DuckDuckGo Privacy Essentials extension was causing this redirect. I disabled it, and the problem is solved.

12
votes

None of the answers worked for me, the only the one was the one in the comment of Muhammad so thanks in advance to him, I copy the answer here to make it easier:

  • Go to about:config
  • Look for browser.fixup.fallback-to-https and set it to false
10
votes

Alternative solution, easy.

Open Firefox and in the address bar type this URL

http://example.com/?fake_parameter_to_bypass_cache

This should force the browser to reload the web page from http://

1
votes

In my case, I decided to use a *.dev domain for local development. But then I tried to open the site in Firefox, and after a while I realized it uses HTTPS, even when I start the url with "http://..." I tried to right-click on the link in the History, and choose Forget About This Site, or clear the cache. But it didn't help.

Later I found out that the dev domain is in HSTS preload list these days. Which means Firefox and Chrome (and probably others) don't let you access the subdomains over HTTPS. More on it here and here.

1
votes

I tried the 'correct' answer, plus the comment about including cache in the deletion, and I was still having issues with my problem site.

I opened the firefox profile directory and searched for the website name in all files.

I found it in 'logins-backup.json' and deleted that file to finally fix the problem.

1
votes

Now (Firefox 84) it is much simpler to clear the site's data. Just click the padlock icon on the left of the address bar. Then choose "Clear cookies and site data". I had the same situation as what OP did. It helped me to clear the HTTPS redirect.

0
votes

In my case, it was an addon that did it: disabling DuckDuckGo privacy essentials fixed it.

0
votes

I had this issue when running Firefox with OWASP ZAP proxy. I didn't knew it was the proxy causing this. In hindsight it's easy to test this: run Firefox without OWASP ZAP proxy to see if it works. To get it working with OWASP ZAP, turn off Heads Up Display (HUD) or enable the HUD only for URL's that are in scope.

-1
votes

Now, I had this issue on my workstation's development site. I had an old site that I still wanted to reference, and I couldn't get http to work for anything. There was not https binding, either.

Finally, I realized I had a url-rewrite in my webconfig that redirected all http to https...

hahahaha

-3
votes

Disabling https, is not an absolute in Firefox. Some sites will redirect and may not offer http.

However to choose one url over the other if it is an option you can disable autofil:

Address Bar Search In order to change your Firefox Configuration please do the following steps :

In the Location bar, type about:config and press Enter. The about:config "This might void your warranty!" warning page may appear. Click I'll be careful, I promise! to continue to the about:config page. In the filter box, type or paste autofill and pause while the list is filtered Double-click browser.urlbar.autoFill to toggle it from true to false.