Q: Safari redirects https to http without warning
I found out that the Safari browser will redirect your https request to http if a 3xx redirect to http was sent as a response to your request. The issue is that no warning is presented that I am being switched to http. This can be observed by visiting "https : // www bbc com / news", which responds with a 3xx redirect to http (non-SSL). Is this not viewed as a security risk? Does it not make it easier for folks setting up false phishing sites, bypassing cert authentication? OK, technically one would have to replace the homepage (index page) on the web server, which seems to be a never-ending battle in cyberspace; website hijacking is almost a daily occurrence. Safari does notify when you are switching from an existing https session (received HTTP 200 OK reply to first https request, from what I can tell) to plain http. Other browsers seem to behave the same, though I do not care for comparisons.
Thanks.
Posted on Nov 4, 2015 10:23 PM
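A check for the behaviour described in the question, as an added example that is not part of the original post: it walks a recorded redirect chain and reports every HTTPS response whose Location header points to plain HTTP. The sample chains and the example.test host are constructed, and the hop format (request URL, status, headers) is an assumption about how the chain was recorded.

```python
from urllib.parse import urljoin, urlsplit

REDIRECT_CODES = {301, 302, 303, 307, 308}


def find_downgrades(hops):
    """Return one finding per HTTPS response that redirects to plain HTTP.

    hops: list of (request_url, status, headers) tuples recorded while
    following a redirect chain with automatic redirects disabled.
    """
    findings = []
    for url, status, headers in hops:
        hdrs = {k.lower(): v for k, v in headers.items()}
        location = hdrs.get("location")
        if status not in REDIRECT_CODES or not location:
            continue
        # Location may be relative or scheme-relative; resolve it first.
        target = urljoin(url, location)
        src, dst = urlsplit(url), urlsplit(target)
        if src.scheme == "https" and dst.scheme == "http":
            findings.append({
                "from": url,
                "to": target,
                "status": status,
                # An HSTS header on the HTTPS response lets a browser that
                # honours it upgrade later http:// requests to this host.
                "hsts_on_source": "strict-transport-security" in hdrs,
                "same_host": src.hostname == dst.hostname,
            })
    return findings


# Constructed sample chains (example.test is a placeholder host).
SAMPLE_CHAIN = [
    ("https://www.example.test/news", 301,
     {"Location": "http://www.example.test/news"}),
    ("http://www.example.test/news", 200, {"Content-Type": "text/html"}),
]
RELATIVE_CHAIN = [
    ("https://www.example.test/a", 302, {"location": "/b"}),
    ("https://www.example.test/b", 200, {}),
]

if __name__ == "__main__":
    for f in find_downgrades(SAMPLE_CHAIN):
        print(f"{f['status']} downgrade: {f['from']} -> {f['to']} "
              f"(HSTS on source: {f['hsts_on_source']})")
```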