Is there a way around HTTPS being redirected to HTTP?
I have come across something of a curious situation that a website (Palestinian News Network) has a valid TLS certificate (see here) but that the website always forces loading of the site via http://.
(This includes the main domains as well as the referenced sub domains.)
So:
Is there any way that I as a client can establish if there is a MITM/attacker which is denying/redirecting HTTPS connection? (this cause is suggested by the "HTTPS Everywhere" plugin)
Assuming there is no MITM attacker, is there any way that I as a client can force the server to maintain the valid secured connection?
What are some methods as to how the server can enforce redirecting valid HTTPS connection? I've found this issue very hard to research as, expectedly, search results are nearly all about doing it the other way around ("how to
http-->https" etc. etc.).
Try the website address here, note I am going straight to the secured protocol:
https://english.pnn.ps [mod note: it's HTTPS at last access of Mar 2024]
