← Back to Blog

Debugging HTTP Redirect Loops: Origin, Proxy, CDN, and HSTS Clues

HTTP · May 27, 2026 · 6 min read

An HTTP redirect loop can come from your app, a reverse proxy, a CDN, or HSTS policy. Trace each hop and identify the exact redirect source.

Technical cover image for Debugging HTTP Redirect Loops: Origin, Proxy, CDN, and HSTS Clues

ERR_TOO_MANY_REDIRECTS Is a Symptom, Not a Diagnosis

A redirect loop means the browser follows a redirect, lands on a URL that redirects again, and eventually hits the redirect limit (usually 20). But the loop can originate from your application, a reverse proxy, a CDN configuration, or even HSTS policy. Tracing each hop individually reveals the exact cause.

Use OpsCheck HTTP Headers to inspect the redirect chain response-by-response. Then verify SSL configuration with OpsCheck SSL Checker — HSTS and certificate issues often trigger redirect storms.

Tracing the Redirect Chain

# Follow redirects and show each hop
curl -L -v https://example.com/ 2>&1 | grep -E "^< HTTP|^< Location|^< Server"

# Show redirect chain without following
curl -I https://example.com/
curl -I -L https://example.com/ 2>&1 | grep "^< HTTP"

# Test specifically for HTTPS-to-HTTP downgrade loops
curl -s -D - -o /dev/null http://example.com/ | head -5

Common Loop Sources

# 1. HTTP → HTTPS redirect + HSTS
# If your app redirects HTTP→HTTPS but the HTTPS page redirects
# to a different HTTP URL (e.g., a legacy subdomain), the loop begins.

# 2. www vs non-www with inconsistent canonical URLs
curl -I https://www.example.com/
curl -I https://example.com/

# 3. Trailing slash redirect in nginx configuration
curl -I https://example.com/blog
curl -I https://example.com/blog/

# 4. CDN forwarding the wrong protocol
curl -H "X-Forwarded-Proto: http" -I https://example.com/

Real-World Scenario

A site behind Cloudflare started returning ERR_TOO_MANY_REDIRECTS after enabling "Always Use HTTPS" in Cloudflare and setting the origin server to redirect HTTP to HTTPS. The loop: browser → Cloudflare (HTTPS) → origin (HTTP) → origin redirects HTTP to HTTPS → Cloudflare (HTTPS) → origin (HTTP) → repeat. The fix was setting Cloudflare's SSL mode to "Full (strict)" so the origin connection was already encrypted, removing the need for the origin redirect entirely. The OpsCheck DNS Lookup confirmed the DNS was resolving through Cloudflare correctly.

# Diagnose by sending requests directly to origin (bypass CDN)
curl -H "Host: example.com" -I https://ORIGIN_IP/

# If origin works but CDN loops, the CDN config is the culprit

Diagnostic Checklist

  • Trace each hop with curl -L -v — identify exactly which URL causes the next redirect
  • Check for HTTP→HTTPS→HTTP patterns — these always loop
  • Verify www vs non-www consistency
  • Temporarily bypass the CDN to isolate origin vs edge behavior
  • Check HSTS header — if max-age is high, the browser will force HTTPS even on HTTP URLs
  • Use OpsCheck HTTP Headers to see the full response header set

Related Articles

Cache-Control and Stale Content: Why Users Still See the Old Page May 28, 2026 · 5 min read Proxy and CDN Header Debugging: Finding the Real Client, Origin, and Cache Layer May 29, 2026 · 6 min read
← Back to Blog