The Computer Oracle

Are there well known HTTP-only sites?

--------------------------------------------------
Hire the world's top talent on demand or became one of them at Toptal: https://topt.al/25cXVn
--------------------------------------------------

Music by Eric Matyas
https://www.soundimage.org
Track title: Darkness Approaches Looping

--

Chapters
00:00 Are There Well Known Http-Only Sites?
00:39 Accepted Answer Score 60
02:12 Answer 2 Score 11
02:38 Answer 3 Score 9
03:21 Answer 4 Score 13
03:26 Thank you

--

Full question
https://superuser.com/questions/1213116/...

--

Content licensed under CC BY-SA
https://meta.stackexchange.com/help/lice...

--

Tags
#googlechrome #http #https

#avk47


ACCEPTED ANSWER

Score 60


A well-known public HTTP only site will resolve this

You can use http://neverssl.com:

What?

This website is for when you try to open Facebook, Google, Amazon, etc on a wifi network, and nothing happens. Type "http://neverssl.com" into your browser's url bar, and you'll be able to log on.

How?

neverssl.com will never use SSL (also known as TLS). No encryption, no strong authentication, no HSTS, no HTTP/2.0, just plain old unencrypted HTTP and forever stuck in the dark ages of internet security.

Why?

Normally, that's a bad idea. You should always use SSL and secure encryption when possible. In fact, it's such a bad idea that most websites are now using https by default.

And that's great, but it also means that if you're relying on poorly-behaved wifi networks, it can be hard to get online. Secure browsers and websites using https make it impossible for those wifi networks to send you to a login or payment page. Basically, those networks can't tap into your connection just like attackers can't. Modern browsers are so good that they can remember when a website supports encryption and even if you type in the website name, they'll use https.

And if the network never redirects you to this page, well as you can see, you're not missing much.



ANSWER 2

Score 13


Old thread, but here's another one: http://httpforever.com/



ANSWER 3

Score 11


These answers came from the comments and I believe they need a separate entry in the answers so they can be easily found.

http://google.com/generate_204

(from @GiantTree)

http://captive.apple.com/

(from Virtually Nick)

http://detectportal.firefox.com/success.txt

(added here because similarly used by a browser)

NeverSSL did not work in my ISP's captive portal but the one from Google did.



ANSWER 4

Score 9


This website is for testing ssl: https://badssl.com/

It includes several subdomains that intentionally will never have ssl enabled, such as:

For some reason, when I tried http://neverssl.com, I was forwarded to a different website with SSL enabled: https://wholesilveryoungsecret.neverssl.com/online/. So it seems that it currently can't serve its one intended purpose.

badssl.com seems more reliable now.