
I have an Apache web server running a legacy application (intranet) that uses HTTP (not HTTPS). Now with the update to Chrome 135, users are always getting redirected to HTTPS. I'm not sure if the culprit here is Chrome or Apache, but before the Chrome update it still worked fine.

Chrome dev tools has this to say regarding the request:

Request Method: GET
Status Code: 307 Internal Redirect
Referrer Policy: strict-origin-when-cross-origin
cross-origin-resource-policy: Cross-Origin
location: <redirects to https>
non-authoritative-reason: HSTS

How can I disable HSTS, either on the server or the host?

I already followed the advice below:

How to disable HSTS header in Apache 2.4?

https://superuser.com/questions/565409/how-to-stop-an-automatic-redirect-from-http-to-https-in-chrome

But that does not solve the issue.

EDIT:

I think it is a Chrome issue indeed. I'm not seeing any HTTP request being sent to Apache, only HTTPS, meaning it seems to be Chrome that triggers the redirect.

beginner_
  • 191

1 Answer


Barely an answer, but it might help others who end up here:

Why is the issue happening?

A new setting in corporate IT policy sets the corporate domain as a preloaded HSTS domain, which enforces HTTPS for all subdomains.

The issue is therefore unrelated to Chrome and simply a setting change that got released together with a Chrome update.

This can be checked in

chrome://net-internals/#hsts

There you can query for your domain and look at the returned values.

In essence, with this set, there is nothing one can do: HTTPS will be 100% mandatory and enforced. No tricks around it, so you need to switch to HTTPS.

beginner_
  • 191
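The subdomain enforcement described in the answer, as an added example that is not part of the original post: a Python sketch of RFC 6797 header parsing and known-HSTS-host matching, showing why an intranet host is upgraded even though its own Apache never sent the header. The domain `corp.example`, the `STORE` contents and the function names are constructed for illustration.

```python
import ipaddress
from urllib.parse import urlsplit


def parse_sts(header):
    """Parse a Strict-Transport-Security value (RFC 6797 s6.1); None if invalid."""
    seen = {}
    for part in header.split(";"):
        part = part.strip()
        if not part:
            continue
        name, _, value = part.partition("=")
        name = name.strip().lower()          # directive names are case-insensitive
        if name in seen:                     # a repeated directive voids the header
            return None
        seen[name] = value.strip().strip('"')
    max_age = seen.get("max-age", "")        # max-age is the one required directive
    if not (max_age.isascii() and max_age.isdigit()):
        return None
    return {"max_age": int(max_age),
            "include_subdomains": "includesubdomains" in seen}


def is_upgraded(url, store):
    """True if a client holding `store` rewrites this http:// URL to https://."""
    parts = urlsplit(url)
    host = parts.hostname or ""
    if parts.scheme != "http" or not host:
        return False
    try:
        ipaddress.ip_address(host)           # RFC 6797 s8.3: IP hosts are not HSTS hosts
        return False
    except ValueError:
        pass
    labels = host.split(".")
    for i in range(len(labels)):             # the host itself, then each parent domain
        entry = store.get(".".join(labels[i:]))
        # A parent entry only applies when it carries includeSubDomains.
        if entry and entry["max_age"] > 0 and (i == 0 or entry["include_subdomains"]):
            return True
    return False


# Constructed store: one entry for the parent domain, as a policy or preload list
# would supply it. No entry exists for the intranet host itself.
STORE = {"corp.example": parse_sts("max-age=31536000; includeSubDomains; preload")}
```

The match happens in the client before any request leaves the machine, which is consistent with the question's observation that Apache never sees an HTTP request.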