Redirect https to http despite permanent redirects from http to https

[rdn]

I figure it out @Marcus
How to force redirect from https to http even if Strict-Transport-Security is already cached on the browser.
I just change the max-age=0.

add_header Strict-Transport-Security "max-age=0";

Working perfectly for me.

 

[rdn]

I read it from here https://tools.ietf.org/html/rfc6797

 

[TPerry]

Why are people doing this? Doesn't it just make sense to stay with HTTPS?

Not always. Some API calls I'm needing to use either
A) Cost extra to utilize SSL
B) Don't work

 

[nemke]

It's little to late now, but maybe it would worked if you redirected from https back to http with little bit changed URL like "http://domain.com/?redirect=back".

Also, are you sure that 301 are cached permanently? I was under impression that they are cached per session.

 

[Fred.]

I can think of one valid reason. If user wants to take advantage of CDN to offload their static images but do not want to incur the much higher costs and setup fees that most CDN providers charge for custom SSL certificate backed CDN usage. For example Cloudflare is like US$600/yr per domain for custom SSL/https CDN setup. If you have 5 domains needing such = US$3,000/yr in setup fees for CDN + SSL

If this isn't the reason, then might as well stick with SSL/https redirects.

I know, that's why I use their shared SSL. The url doesn't look that nice then but the rest the same.
For a small board it's not worth paying the custom SSL fee just to make the url look nice.