Testing the effects of redirecting HTTP -> HTTPS for assets hosted by third party CDNs (e.g. code.jquery.com
or ajax.googleapis.com
).
Read the background, results, and conclusions.
This page must be hosted on an insecure (http://
) connection to properly test the redirect, otherwise mixed-content blocking will interfere with the tests.
plain-cdn.konklone.io
serves only HTTP.cdn.konklone.io
redirects HTTP to HTTPS (no Strict Transport).www.cdn.konklone.io
redirects HTTP to HTTPS (with Strict Transport set).Code and server config is on GitHub. Test by Eric Mill, who wants all CDNs to force redirects from HTTP to HTTPS.
https://cdn.konklone.io/js/script_control_https.js
http://plain-cdn.konklone.io/js/script_control_http.js
http://cdn.konklone.io/js/script_redirect.js
https://cdn.konklone.io/js/cors_control_https.js
http://plain-cdn.konklone.io/js/cors_control_http.js
http://cdn.konklone.io/js/cors_redirect.js
http://www.cdn.konklone.io/js/cors_hsts.js