Operating system:
Browser version:
32-bit or 64-bit browser?:
Problem URL:
Browser theme (if not default):
Installed add-ons:
Installed plugins: (about:plugins):
I apologize if this is not the correct forum for this, but I could not find anywhere else that seemed appropriate.
This is an observation, not necessarily a bug or other issue, that has left me quite puzzled. I have been observing over the last few days that Pale Moon sends an "X-HTTPS: 1" header for base domains like "abc.com", but not for subdomains like "xyz.abc.com". This is not an order of request issue. I can request "xyz.abc.com" from a clean start and I do NOT see the "X-HTTPS: 1" header sent; but if I subsequently request "abc.com", I DO see the "X-HTTPS: 1" header sent. This is a puzzlement to me. It may be by deliberate design, but I am curious as to the reasons why, if so. Thanks in advance for any info.
X-HTTPS Header Not Sent For Subdomains
Moderator: trava90
Forum rules
This board is for technical/general usage questions and troubleshooting for the Pale Moon browser only.
Technical issues and questions not related to the Pale Moon browser should be posted in other boards!
Please keep off-topic and general discussion out of this board, thank you!
This board is for technical/general usage questions and troubleshooting for the Pale Moon browser only.
Technical issues and questions not related to the Pale Moon browser should be posted in other boards!
Please keep off-topic and general discussion out of this board, thank you!
-
Within The Pale
- New to the forum
- Posts: 2
- Joined: 2022-12-06, 01:37
X-HTTPS Header Not Sent For Subdomains
Last edited by Moonchild on 2022-12-06, 07:02, edited 1 time in total.
Reason: Correct topic title
Reason: Correct topic title
“If philanthropy is not voluntary, it destroys liberty and justice. The law can give nothing that has not first been taken from its owner.” -- Frederic Bastiat, The Law
“Now there’s no more [lofty] oak oppression, for they passed a noble law; and the trees are all kept equal by hatchet, axe, and saw.” -- Neil Peart, The Trees
“Now there’s no more [lofty] oak oppression, for they passed a noble law; and the trees are all kept equal by hatchet, axe, and saw.” -- Neil Peart, The Trees
Re: X-HTTP Header Not Sent For Subdomains
X-HTTPS is not a standard request header. It does seem some configurations of server front-ends add this header to pass to a back-end (e.g. using a reverse proxy) to explicitly indicate the initial connection to the server was made over https (as a back-end server might otherwise have no way to determine the inbound connection's TLS state if proxied) but that would be something that is done server-side.
"Sometimes, the best way to get what you want is to be a good person." -- Louis Rossmann
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite
-
Within The Pale
- New to the forum
- Posts: 2
- Joined: 2022-12-06, 01:37
Re: X-HTTP Header Not Sent For Subdomains
Thank you! I appreciate the rapid response.
So the X-HTTPS header is not something that Pale Moon is sending, but rather something that certain servers are injecting into the request headers before they arrive at the back-end processor, like PHP. Still weird how apparently inconsistent it is but at least that is a server issue, and can be ignored.
So the X-HTTPS header is not something that Pale Moon is sending, but rather something that certain servers are injecting into the request headers before they arrive at the back-end processor, like PHP. Still weird how apparently inconsistent it is but at least that is a server issue, and can be ignored.
“If philanthropy is not voluntary, it destroys liberty and justice. The law can give nothing that has not first been taken from its owner.” -- Frederic Bastiat, The Law
“Now there’s no more [lofty] oak oppression, for they passed a noble law; and the trees are all kept equal by hatchet, axe, and saw.” -- Neil Peart, The Trees
“Now there’s no more [lofty] oak oppression, for they passed a noble law; and the trees are all kept equal by hatchet, axe, and saw.” -- Neil Peart, The Trees
Re: X-HTTP Header Not Sent For Subdomains
Correct. So if PHP is sitting behind e.g. Apache, then Apache may be configured to pass on this header if the browser connection to Apache was made over https (since your PHP in that case might not be able to directly see the connection was https if the URL also does not retain that information or is not passed down). The inconsistency would be because of how Apache is configured in that case.Within The Pale wrote: ↑2022-12-06, 02:20something that certain servers are injecting into the request headers before they arrive at the back-end processor, like PHP
"Sometimes, the best way to get what you want is to be a good person." -- Louis Rossmann
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite