Moving CDNs to HTTPS

Testing the effects of redirecting HTTP -> HTTPS for assets hosted by third party CDNs (e.g. code.jquery.com or ajax.googleapis.com).

Read the background, results, and conclusions.

This page must be hosted on an insecure (http://) connection to properly test the redirect, otherwise mixed-content blocking will interfere with the tests.

plain-cdn.konklone.io serves only HTTP.
cdn.konklone.io redirects HTTP to HTTPS (no Strict Transport).
www.cdn.konklone.io redirects HTTP to HTTPS (with Strict Transport set).
Fetched resources are not cached.

Code and server config is on GitHub. Test by Eric Mill, who wants all CDNs to force redirects from HTTP to HTTPS.

Control: <script> tag for HTTPS asset:


    
      https://cdn.konklone.io/js/script_control_https.js

Control: <script> tag for HTTP asset.


    
      http://plain-cdn.konklone.io/js/script_control_http.js

Test: <script> tag for HTTP->HTTPS asset redirect.


    
      http://cdn.konklone.io/js/script_redirect.js

Control: CORS GET request for HTTPS asset.


    
      https://cdn.konklone.io/js/cors_control_https.js

Control: CORS GET request for HTTP asset.


    
      http://plain-cdn.konklone.io/js/cors_control_http.js

Test: CORS GET request for HTTP->HTTPS asset redirect.


    
      http://cdn.konklone.io/js/cors_redirect.js

Test: CORS GET request for HTTP->HTTPS asset with HSTS.


    
      http://www.cdn.konklone.io/js/cors_hsts.js