diff --git a/specs/VBA-Web - Specs.xlsm b/specs/VBA-Web - Specs.xlsm
index d4fba610..369b71cf 100644
Binary files a/specs/VBA-Web - Specs.xlsm and b/specs/VBA-Web - Specs.xlsm differ
diff --git a/src/WebClient.cls b/src/WebClient.cls
index 1a72229c..30c08f82 100644
--- a/src/WebClient.cls
+++ b/src/WebClient.cls
@@ -507,15 +507,7 @@ Public Function PrepareHttpRequest(Request As WebRequest, Optional Async As Bool
     End If
     
     ' Setup security
-    '
-    ' By default:
-    ' - Enable certificate revocation check (especially useful after HeartBleed)
-    ' - Disable redirects (matches cURL behavior)
-    web_Http.Option(web_WinHttpRequestOption.web_WinHttpRequestOption_EnableCertificateRevocationCheck) = True
-    web_Http.Option(web_WinHttpRequestOption.web_WinHttpRequestOption_EnableRedirects) = False
-        
     If Me.Insecure Then
-        ' Disable SSL validation
         ' - Disable certifcate revocation check
         ' - Ignore all SSL errors
         '   Unknown certification authority (CA) or untrusted root, 0x0100
@@ -523,8 +515,22 @@ Public Function PrepareHttpRequest(Request As WebRequest, Optional Async As Bool
         '   Invalid common name (CN), 0x1000
         '   Invalid date or certificate expired, 0x2000
         '   = 0x3300 = 13056
+        ' - Enable redirects
+        ' - Enable https-to-http redirects
         web_Http.Option(web_WinHttpRequestOption.web_WinHttpRequestOption_EnableCertificateRevocationCheck) = False
         web_Http.Option(web_WinHttpRequestOption.web_WinHttpRequestOption_SslErrorIgnoreFlags) = 13056
+        web_Http.Option(web_WinHttpRequestOption.web_WinHttpRequestOption_EnableRedirects) = True
+        web_Http.Option(web_WinHttpRequestOption.web_WinHttpRequestOption_EnableHttpsToHttpRedirects) = True
+    Else
+        ' By default:
+        ' - Enable certificate revocation check (especially useful after HeartBleed)
+        ' - Ignore no SLL erros
+        ' - Disable redirects (matches cURL behavior)
+        ' - Disable https-to-http redirects
+        web_Http.Option(web_WinHttpRequestOption.web_WinHttpRequestOption_EnableCertificateRevocationCheck) = True
+        web_Http.Option(web_WinHttpRequestOption.web_WinHttpRequestOption_SslErrorIgnoreFlags) = 0
+        web_Http.Option(web_WinHttpRequestOption.web_WinHttpRequestOption_EnableRedirects) = False
+        web_Http.Option(web_WinHttpRequestOption.web_WinHttpRequestOption_EnableHttpsToHttpRedirects) = False
     End If
     
     ' Set headers on http request (after open)