Redirect non-www http to https://www.

CosmicSound · June 12, 2025, 6:54pm

Hi,

Using latest up to date edge release of apiscp, and this based on using the original redirection from notes.apiscp.com .

❯ curl -Iv http://mezi4steny.cz                                                                                           
* Host mezi4steny.cz:80 was resolved.
* IPv6: (none)
* IPv4: 137.74.247.204
*   Trying 137.74.247.204:80...
* Connected to mezi4steny.cz (137.74.247.204) port 80
> HEAD / HTTP/1.1
> Host: mezi4steny.cz
> User-Agent: curl/8.7.1
> Accept: */*
> 
* Request completely sent off
< HTTP/1.1 302 Found
HTTP/1.1 302 Found
< Date: Thu, 12 Jun 2025 18:48:07 GMT
Date: Thu, 12 Jun 2025 18:48:07 GMT
< Server: Apache
Server: Apache
< Referrer-Policy: strict-origin-when-cross-origin
Referrer-Policy: strict-origin-when-cross-origin
< X-Content-Type-Options: nosniff
X-Content-Type-Options: nosniff
< X-Frame-Options: SAMEORIGIN
X-Frame-Options: SAMEORIGIN
< X-Xss-Protection: 1; mode=block
X-Xss-Protection: 1; mode=block
< Location: https://mezi4steny.cz/
Location: https://mezi4steny.cz/
< Content-Type: text/html; charset=iso-8859-1
Content-Type: text/html; charset=iso-8859-1
<

Wordpress has in settings https://www. for both settings.

Anyone knows how this can be avoided? Since it leads to issues with SEO audits:

thank you

msaladna · June 12, 2025, 9:04pm

A browser can send whatever protocol against whatever hostname it chooses to. It’s up to the browser to follow future directives. A server will report whatever status code. It’s up to the browser to obey it. If [R] is specified without a specific status code, 302 is assumed. 302 is a temporary redirect.

RewriteRule ^(.*)$ https://www.DOMAIN-NAME/$1 [R=301] will recommend to the browser for the redirection to remain permanent. It’s up to the browser to obey it. Relying on %{HTTP_HOST} alone may redirect www.DOMAIN-NAME to www.www.DOMAIN-NAME, so we use the literal domain name here.

Later releases add support for HSTS. This can be configured by settings Account > Settings > SSL > Strict Transport Security > Always send HSTS headers.