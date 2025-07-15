-
If the browser caching the http/https redirecting there is no way to disable it.
I running in the following:
I have an internal test site with proper http and https access. For testing purposes I set up a forced http to https rule in my apache webserver. After the testing, removed the rule but the browser is still redirecting http to https. No hsts rules set for this domain and the browser force https option is disabled. Because the browser caching the redirecting the dev tools disable cache not working (cannot set disable cache for http).
In private window, no auto redirecting so its clearly a cache problem.
In this specific case I set up a server rule to redirecting my page from https to http so this clears/updates the cache, but this is only a workaround if we can modify the server side. Please bring back the old cache page or create similar functionality because currently can't do anything with the cached protocol redirects.
-
@Fefy said in Cache viewer/editor like the old vivaldi:cache page:
If the browser caching the http/https redirecting there is no way to disable it.
I your server sends a HTTP header Strict-Transport-Security (HSTS), you can query and remove the domain at internal page
vivaldi:net-internals/#hsts
You should keep care that such HSTS header does no apply for subdomains, too!
Check in DeveloperTools → Network → Doc for
Strict-Transport-Security: ...... ;includeSubDomains
-
@DoctorG said in Cache viewer/editor like the old vivaldi:cache page:
I your server sends a HTTP header for strict-transport-security (HSTS), you can query and remove the domain at internal page vivaldi:net-internals/#hsts
My webserver not configured for HSTS, so in this case this is not the problem.
This is the raw request header:
GET / HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-GB,en-US;q=0.9,en;q=0.8 Cache-Control: no-cache Connection: keep-alive Host: ********* Pragma: no-cache Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: cross-site Sec-Fetch-User: ?1 Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36 device-memory: 8 downlink: 10 dpr: 1 ect: 4g rtt: 0 sec-ch-device-memory: 8 sec-ch-dpr: 1 sec-ch-prefers-color-scheme: dark sec-ch-prefers-reduced-motion: no-preference sec-ch-prefers-reduced-transparency: no-preference sec-ch-ua: "Not)A;Brand";v="8", "Chromium";v="138", "Vivaldi";v="7.5" sec-ch-ua-arch: "x86" sec-ch-ua-bitness: "64" sec-ch-ua-form-factors: "Desktop" sec-ch-ua-full-version: "138.0.7204.143" sec-ch-ua-full-version-list: "Not)A;Brand";v="8.0.0.0", "Chromium";v="138.0.7204.143", "Vivaldi";v="7.5.3735.34" sec-ch-ua-mobile: ?0 sec-ch-ua-model: "" sec-ch-ua-platform: "Windows" sec-ch-ua-platform-version: "10.0.0" sec-ch-ua-wow64: ?0 sec-ch-viewport-height: 464 sec-ch-viewport-width: 1920 viewport-width: 1920
This is the raw response:
HTTP/1.1 200 OK Date: Tue, 15 Jul 2025 08:33:57 GMT Server: Apache Vary: Accept-Encoding Content-Encoding: gzip Accept-Ch: sec-ch-ua,ua,sec-ch-ua-platformua-platform,sec-ch-ua-mobile,ua-mobile,sec-ch-ua-full-version,ua-full-version,sec-ch-ua-full-version-list,sec-ch-ua-platform-version,ua-platform-version,sec-ch-ua-arch,ua-arch,sec-ch-ua-bitness,ua-bitness,sec-ch-ua-wow64,sec-ch-ua-model,ua-model,sec-ch-lang,lang,sec-ch-save-data,save-data,sec-ch-width,width,sec-ch-viewport-width,viewport-width,sec-ch-viewport-height,viewport-height,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory,sec-ch-rtt,rtt,sec-ch-downlink,downlink,sec-ch-ect,ect,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-ua-form-factors Content-Length: 260 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; Charset=utf-8;charset=UTF-8
This is the corresponding server vhost config:
<VirtualHost *:80> ServerAlias ******* ServerAdmin webmaster@**** UseCanonicalName off VirtualDocumentRoot "/srv/www/%1" </VirtualHost> <VirtualHost *:443> ServerAlias ********** ServerAdmin webmaster@***** UseCanonicalName off VirtualDocumentRoot "/srv/www/%1" SSLEngine on SSLCertificateFile /etc/apache2/cert/****** SSLCertificateKeyFile /etc/apache2/cert/****** Header set Accept-Ch "sec-ch-ua,ua,sec-ch-ua-platformua-platform,sec-ch-ua-mobile,ua-mobile,sec-ch-ua-full-version,ua-full-version,sec-ch-ua-full-version-list,sec-ch-ua-platform-version,ua-platform-version,sec-ch-ua-arch,ua-arch,sec-ch-ua-bitness,ua-bitness,sec-ch-ua-wow64,sec-ch-ua-model,ua-model,sec-ch-lang,lang,sec-ch-save-data,save-data,sec-ch-width,width,sec-ch-viewport-width,viewport-width,sec-ch-viewport-height,viewport-height,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory,sec-ch-rtt,rtt,sec-ch-downlink,downlink,sec-ch-ect,ect,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-ua-form-factors" </VirtualHost>
When try to open the url with http, the following the requests are shown in the Network tab:
I think maybe the "Upgrade-Insecure-Requests: 1" from the browser causing the problem. However the server not sending 301 to redirect to https so this is interesting.
-
Ah, ok. The then the culprit is Chromium core always use SSL when a server has HTTP and HTTPS for the domain — but such internal redirect exists since many months.
Can not be changed by settings.
- https://blog.chromium.org/2023/08/towards-https-by-default.html
- https://groups.google.com/a/chromium.org/g/blink-dev/c/cAS525en8XE
I had not tested if in Vivaldi chrome://settings/content/insecureContent and add domain under "Allowed to show insecure content" works.
-
Addig my domain to insecureContent is the solution.
The request header is changed to this:
GET / HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate Accept-Language: en-GB,en-US;q=0.9,en;q=0.8 Connection: keep-alive Host: ***** Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36
Other than this is a really stupid solution but working.
Without this list the network tab showing a 307 temporary redirected status code for a couple of ms if I watch it carefully.
The funny thing is the webserver not logging this redirection so with default logging level this is invisible on server side.