Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

DuckDuckGo information is wrong #110

Closed
linusg opened this issue Apr 1, 2019 · 5 comments
Closed

DuckDuckGo information is wrong #110

linusg opened this issue Apr 1, 2019 · 5 comments

Comments

@linusg
Copy link

linusg commented Apr 1, 2019

image

As you can see, HTTPSWatch claims DuckDuckGo wouldn't redirect to HTTPS, which is not the case: both http://duckduckgo.com and http://www.duckduckgo.com redirect to https://duckduckgo.com/ (with HTTP status 301 Moved Permanently).

$ curl -I http://duckduckgo.com
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Mon, 01 Apr 2019 18:56:49 GMT
Content-Type: text/html
Content-Length: 178
Connection: keep-alive
Location: https://duckduckgo.com/
X-Frame-Options: SAMEORIGIN
Content-Security-Policy: default-src https: blob: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
X-XSS-Protection: 1;mode=block
X-Content-Type-Options: nosniff
Referrer-Policy: origin
Expect-CT: max-age=0
Expires: Tue, 31 Mar 2020 18:56:49 GMT
Cache-Control: max-age=31536000
$ curl -I http://www.duckduckgo.com
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Mon, 01 Apr 2019 18:56:41 GMT
Content-Type: text/html
Content-Length: 178
Connection: keep-alive
Location: https://duckduckgo.com/
Strict-Transport-Security: max-age=31536000
Expires: Tue, 31 Mar 2020 18:56:41 GMT
Cache-Control: max-age=31536000
@alex
Copy link
Contributor

alex commented Apr 1, 2019

If you use the Mozilla User-Agent used here, Mozilla/5.0 compatible HTTPSWatch Bot (https://httpswatch.com) Firefox/48.0, it no longer redirects. Not sure why it has this selective behavior.

@linusg
Copy link
Author

linusg commented Apr 1, 2019
edited
Loading

@alex that's odd, I have no idea why they'd do such a thing. Pretty stupid, IMO. Then technically the statement is correct, at least in some cases 😕

FWIW, I've tried some variations of the UA you provided and it only seems to not redirect once there's "(http" in there, case insensitive:

Redirect

  • Mozilla/5.0 compatible ( HTTPSWatch https://httpswatch.com)
  • Mozilla/5.0 compatible HTTPSWatch https://httpswatch.com)
  • Mozilla/5.0 compatible HTTPSWatch https://httpswatch.com
  • Mozilla/5.0 compatible ( http )
  • Mozilla/5.0 compatible http(
  • Mozilla/5.0 compatible https)
  • Mozilla/5.0 compatible (htt

No redirect

  • Mozilla/5.0 compatible (HTTPSWatch https://httpswatch.com)
  • Mozilla/5.0 compatible (HTTPSWatch https://httpswatch.com
  • Mozilla/5.0 compatible (http
  • Mozilla/5.0 compatible (http)
  • Mozilla/5.0 compatible (https
  • Mozilla/5.0 compatible (https)
  • (http
  • (HTTP
  • test (http
  • (httptest

@alex
Copy link
Contributor

alex commented Apr 1, 2019 via email

@linusg
Copy link
Author

linusg commented Apr 1, 2019

I've reached out on Twitter. If they don't respond or silently fix it, I might look for an email address. I'll then post an update here.

@linusg
Copy link
Author

linusg commented Apr 13, 2019

No response, nothing changed. What a shame. Anyway, let's just close this.

@linusg linusg closed this as completed Apr 13, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@alex @linusg