I have a web site
www.stringtheoryjazz.com
that suddenly starting redirecting to
www.shaadicreations.com
a completely unknown (to me) site.
I am working with my hosting company (GoDaddy) and when they tested it, it was fine. Then when I tried it on Edge, it’s fine.
Connecting from different servers doesn’t help.
Clearing cache (but not cookies) doesn’t help.
What can cause this just on one browser?
Why clear your cache but not your cookies? Clear them as well. FWIW, you don’t need to delete all the cookies, just the ones for the site(s) in question.
What do you mean by that?
This is almost certainly related to your specific device and more likely, to your browser(s) on that device. If the problem existed outside of your computer, all your browsers would exhibit the same problem.
One other thing, is the site you’re being redirected to of any relevance to you? For example, did you change URL from one to the other or do you own both of them? My concern is that if your browser is redirecting to some random site you’ve never heard of, you might have some malware to deal with.
I went to the site on Safari and it looked fine. However, on the same computer I used curl to read the HTTP headers and got this:
$ curl -k -D- https://stringtheoryjazz.com
HTTP/2 301
x-powered-by: PHP/7.3.33
x-pingback: https://www.shaadicreations.com/xmlrpc.php
x-redirect-by: WordPress
location: https://www.shaadicreations.com/
vary: Accept-Encoding
content-length: 0
content-type: text/html; charset=UTF-8
date: Fri, 27 Sep 2024 20:30:18 GMT
server: Apache
It appears that your headers are telling the client to redirect to shaadicreations.com. But I don’t understand why some browsers are not doing that redirect, unless the headers are not always the same. But I tried several refreshes with Safari and it always looked fine, and several invocations of curl and it always showed the redirect. I can’t fully explain this but I would look into your Wordpress configuration and see if you can see if something there is causing the redirect.
Maybe the computers that aren’t redirecting are the ones that need the cache/cookies cleared, the other ones are correctly following the redirect.
It might be worth checking whether the server is redirecting on the user-agent setting (in other words, specific web browsers get the redirect), although I have no idea wjy that would seem like a good idea.
@CookingWithGas, whatever’s happening, the website serving up your intended web page seems to be intentionally sending a redirect sometimes (as you report, when you’re browsing with Chrome).
You can tell that by @markn_1’s curl response: the x-redirect-by header says that WordPress, the site hosting software, is doing it.
Maybe there’s something in your Chrome configuration that’s confusing the webserver? Maybe the URL is mistyped when you entered it in Chrome and someone is DNS typosquatting?
You might try looking at the website in Incognito mode, to eliminate stores data like caching or cookies.
Reported to break the 2nd link in the OP, since it might harbor malware.
Sorry, I glossed over that. I used a VPN to connect through servers in various wide-ranging locations.
That’s interesting because my site is not a WordPress site. It’s raw PHP/HTML. I wonder if my site was somehow hacked on the server to redirect through WordPress. I don’t know the first thing about WordPress so I’ll have to do some homework but I do know it’s available on the web host.
As mentioned my site is not a WordPress site, so this may be a clue.
I reproduced this, basically the same but slightly different results:
curl -k -D- https://stringtheoryjazz.com
HTTP/1.1 301 Moved Permanently
Date: Fri, 27 Sep 2024 22:05:36 GMT
Server: Apache
X-Powered-By: PHP/7.3.33
X-Pingback: https://www.shaadicreations.com/xmlrpc.php
X-Redirect-By: WordPress
Upgrade: h2,h2c
Connection: Upgrade
Location: https://www.shaadicreations.com/
Vary: Accept-Encoding
Content-Length: 0
Content-Type: text/html; charset=UTF-8
Well, this is a hoot. I sent the curl results to GoDaddy and they said the issue is that I do not have SSL configured for my site. And my hosting account is on a shared server, so it provides a redirect to the nearest site that does have SSL.
That sounds completely unreasonable to me. What kind of bullshit is this? They keep trying to make it sound like it’s my fault for not having SSL, even though it’s their server that is doing this.
I don’t know why this is happening only on my browser. It doesn’t happen on my wife’s, any of yours, or anyone else’s who has tried.
I know that most sites nowadays use https, but my site is just informational; I’m not selling anything. We do have a Contact Us page where the user can include an email address, but I don’t consider that to be highly sensitive.
GoDaddy is trying to sell me SSL for hundreds a year for a site that I just use to promote a jazz trio. And you can imagine the big bucks that just roll in the door for that business. 
So they’re telling me I either need dedicated hosting, or get SSL.
Any thoughts from you folks?
Let’s Encrypt is free.
I’ve been in the networks game for a long time, and this may be the stupidest decision I’ve run across in memory.
That is really interesting. I was working for Network Solutions when they got acquired by VeriSign, which was the turning point where VeriSign pivoted from being primarily a CA to operating domain registries. I did not know there were any free options.
That’s for the cert. I have no idea how to implement a cert on my web site. I suspect GoDaddy has figured out how to charge me for whatever server support is necessary. Their fee includes the cert.
Honestly I don’t know if that’s how it’s designed, or if the tech was just talking out her ass. Sometimes those people are pretty smart but for edge cases they don’t like to admit that they have no idea what’s happening.
Case in point: @markn_1 thought to read back the header from curl and the experts at
GoDaddy did nothing more than type the URL into their browsers and say, “Looks OK to me.”
What really has me baffled is that I cannot find anyone besides me whose browser actually redirects the site.
I use Let’s Encrypt with GoDaddy.
It does work, but it requires manual intervention every 90 days. Let’s Encrypt expires their certificates after 90 days, on the basis that everybody should automate the cert update process. But GoDaddy makes it impossible to automate without paying them. It only takes a few minutes to update but it’s a pain having to do it so frequently.
The instructions are a bit involved, but I can put some together if you’re interested.
Most browsers will warn these days if you don’t support SSL. It’s not a bad idea but I find it a bit overbearing. My site does not transmit any secure info and so there’s no point to encryption.
Firefox, Edge, and Chrome on Windows all redirect for me, but only after I click through the security warning.
The easiest solution right now is to leave GoDaddy and get a new host, pronto. They are shit, their business practices are shit and their support is shit.
Unless you’ve already put a ton of money up front into a contract, just go. Put your domain name elsewhere (I like NameCheap) and find a new host and say goodbye.
I’ve enjoyed SiteGround as a host but I do believe they are expensive. DreamHost has been ok too. But all my PHP sites are Wordpress sites I inherited.
Google is a massive advertising company. THE massive advertising company. HTTPS is promoted by Google to protect their advertising revenue. HTTPS is a protocol with an extra S, which replaces HTTP – HyperText Transfer Protocol. httpS also has some benefit in protecting your online banking, which is the cover Google needs to justify their protection of their online advertising business.
Google produces a browser called Chrome. Chrome tries to force you to use HTTPS instead of HTTP, because Google thinks that it’s a good idea to use HTTPS instead of HTTP.
So yes, Google Chrome automatically puts you through HTTPS redirects if it can, and warns you or blocks you absolutely if it can. And Microsoft Edge prefers HTTPS, but lets you use HTTP if you insist. And there is a certain amount of adjustment available, but the range of options is different, and the defaults are different.
Google’s interest in HTTPS started with ISPs substituting their own advertising to replace third-party advertising served up by websites. My own position on HTTPS derives from a totally unrelated technical and commercial problem that is completely irrelevant to you, your friends and family. I’m not a disinterested advisor.
But yes, you have a HTTPS problem that is different on Chrome than on Edge. And many more people use Chrome than use Edge.
I’m starting to agree with you. I made one more call this morning. The first guy said that SSL support was included in my hosting plan so they just need to turn it on. Then he transferred me to someone else who said, no, I would have to upgrade at a cost of $365.
They did agree to refund me the $90 I paid for additional security. I requested the refund because they sold it to me under false pretenses. They claimed I had malware on my site, when it turned out to be their server policy.
The second person I talked to was useless. I explained what was going on with the redirect and she said, “We have no control over what’s going on on the server.” I said, “It’s your server. You have one hundred percent control over that. What are you talking about?” It went downhill from there.
I recently renewed hosting for three years at a cost of $500. It’s a sunk cost but I hate to just kiss it goodbye but I’m going to review options.
I would greatly appreciate that and buy you your favorite beverage if you are willing.