I am technical but know little to nothing about this - but I am a learning addict and I am trying - sometimes very.Brummelchen wrote:your examples point iut server error - admin is stupid.
its not firefo redirecting to www. - its the server.thats what i told you above, there is nothing you can do.the cert is only valid for extremepeptides.com.
chrome behaves other because it uses (in your case) the windows cert store - which is also used by edge or internet explorer.
to see what the server response you need to open the network inspector in firefox.
https://extremepeptides.us2.list-manage ... 7cdf330645
is a method GET request and response is "302 moved" and server answers with http://www.extremepeptides.com
in one point you are right - chrome haves different. chrome receives a "200 ok"
and this is not the first time i saw this. i know that the difference is caused by server, but i can not tell you why.
I looked at the info and see that Upgrade-insecure-requests is the last item in the listing.
In viewing the 'more info' it seems to me that this should send FF to the correct site without the www.
===========
A client requests signals to the server that it supports the upgrade mechanisms of upgrade-insecure-requests:
GET / HTTP/1.1
Host: example.com
Upgrade-Insecure-Requests: 1
The server can now redirect to a secure version of the site. A Vary header can be used so that the site isn't served by caches to clients that don’t support the upgrade mechanism.
Location: https://example.com/
Vary: Upgrade-Insecure-Requests
=========
Chrome, FF, & Opera support this.
Am I reading this wrong?
If not, is that where the problem is?
The server is redirecting to https://www........ which is insecure by reason of certificate validity.
but isn't Upgrade-insecure-requests suppose to enable fixing that?
If Chrome handles it, it can't be that Chrome knows what the correct URL is - they must be getting it from the server.
but the server isn't giving FF the correct one - so FF must be asking the wrong question.
But then if FF knows what the correct URL is, why isn't it going there instead of faulting.