Announcing our new API documentation!
Check it out here
Knowledge Base
/
Upgrade HTTP Requests

Upgrade HTTP requests: force HTTP to HTTPS

Force incoming HTTP requests to HTTPS before performing the redirect. Where it lives, when to use it, and trade-offs.

On this page:

Overview

The Upgrade HTTP Requests toggle in a redirect's Advanced Settings forces SiteDetour to 302 any incoming HTTP request to HTTPS on the same host before running the configured redirect. The result is an extra hop for HTTP visitors, but it guarantees the target-bound redirect only ever happens over TLS.

Where to find it

Open a redirect, click Advanced Settings, and toggle Upgrade HTTP Requests.

Behavior

With the toggle off (default):

  • HTTP request → 302 directly to the target URL, over HTTP.
  • HTTPS request → 302 directly to the target URL, over HTTPS.

With the toggle on:

  • HTTP request → 302 to the HTTPS version of the same hostname/path, then 302 to the target URL.
  • HTTPS request → 302 directly to the target URL.

Example: with the toggle on, a request for http://example.com/ first 302s to https://example.com/, which then 302s to whatever target the redirect points at.

When to enable

  • You want to guarantee the final redirect step happens over TLS, even when visitors click HTTP links.
  • Your target URL doesn't self-upgrade, so direct HTTP redirects to it would leak the Location header in plaintext.
  • You want to discourage HTTP links in the wild by making them visibly slower (two hops).

When not to enable

  • You're behind Cloudflare with Always Use HTTPS on. Cloudflare upgrades before SiteDetour ever sees the request; an additional upgrade is redundant.
  • You need the tightest possible redirect chain. Upgrade adds a hop.

Pairing with HSTS

Upgrade HTTP Requests and Enable HSTS Support work together:

  • First-time visitors on HTTP get upgraded by the Upgrade toggle.
  • After that first visit, HSTS tells their browser to never use HTTP again. Subsequent visits skip the upgrade hop and go straight to HTTPS.

Enabling both gives you the best of both worlds: safe first visits, and minimal hops from then on.

Pairing with Reverse Proxy Support

If your domain sits behind Cloudflare or another reverse proxy, the connection SiteDetour sees is always HTTPS (proxy-to-origin), regardless of what the visitor used. Upgrade HTTP Requests is never triggered by proxy traffic — it's only meaningful when the visitor connects directly to SiteDetour's edge.

Analytics impact

With the toggle on, the HTTP-to-HTTPS hop shows up as an HTTP hit in the Request Protocol analytics chart. Expect HTTP share to be non-zero even on an all-HTTPS setup; that share represents first-time visitors whose browser hasn't yet learned to auto-upgrade.

Next steps

SiteDetour Logo
Join our newsletter to stay updated on features and releases.
By subscribing, you agree to our Privacy Policy and consent to receive updates from our company.
Thank you! Please check your inbox for a confirmation email.
Oops! Something went wrong while submitting the form.
Product
Support
Documentation
Find us
© All rights reserved. Sitedetour.com
Terms of ServicePrivacy Policy