How to Redirect from HTTPS to HTTP?

Dec 29, 2017 | cPanel

In the digital world, ensuring that your website meets specific protocol requirements can be crucial for performance, compatibility, or outdated legacy system requirements. While most modern security practices advocate for always using HTTPS over HTTP to secure web traffic, there are exceptional cases where a website might need to redirect from HTTPS to HTTP. This blog post will explain how to implement this redirection safely using the .htaccess file.

Understanding HTTPS to HTTP Redirection

Why Redirect from HTTPS to HTTP?

Though it’s generally recommended to use HTTPS to secure your website, certain scenarios might require HTTP. Some common reasons include:

  1. Compatibility with legacy systems that only support HTTP.
  2. Development and testing environments where security certificates are not available.
  3. Specific application logic that might require HTTP.

Redirecting from HTTPS to HTTP can expose your website to security risks, such as man-in-the-middle attacks. It’s essential to understand the implications and ensure that it’s absolutely necessary before implementing such redirects.

Step-by-Step Guide to Redirecting HTTPS to HTTP

To implement an HTTPS to HTTP redirect, you’ll need to modify the .htaccess file on your Apache server. Here’s how you can do it:

Access Your .htaccess File:

Locate your .htaccess file in the root directory of your Apache server. If it doesn’t exist, you can create a new one.

Add the Following Directives:

Insert these lines at the top of your .htaccess file to ensure they execute before anything else:

# Redirect HTTPS to HTTP
RewriteEngine On
RewriteCond %{HTTP:X-Forwarded-Proto} =https
RewriteRule ^(.*)$ http://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

This will redirect your “” to ““.


  1. RewriteEngine On enables the rewriting capabilities.
  2. RewriteCond %{HTTP:X-Forwarded-Proto} =https checks if the protocol being used is HTTPS.
  3. RewriteRule ^(.*)$ http://%{HTTP_HOST}%{REQUEST_URI} [L,R=301] redirects all incoming HTTPS requests to HTTP. The R=301 flag indicates a permanent redirect, helping search engines and other services update their indexes.

Test Your Redirection:

After saving the changes, test your website by accessing the HTTPS version. It should automatically redirect you to the HTTP version. Use tools like Redirection Checker to ensure that the status code 301 Moved Permanently is returned.


Redirecting from HTTPS to HTTP is generally not recommended due to security concerns, but it can be necessary under certain conditions. By following the steps outlined above, you can implement this redirection while maintaining as much security as possible. Always ensure to test your changes thoroughly to avoid any unintended consequences.

You May Also Like…

You May Also Like…

WooCommerce ROI Optimization: The Ultimate Guide for SMBs

WooCommerce ROI Optimization: The Ultimate Guide for SMBs

In the ever-competitive world of eCommerce, Return on Investment (ROI) is more than just a buzzword; it's the lifeblood of sustainable business growth. Understanding and maximizing ROI / Maximize your Ecommerce Sales (especially WooCommerce ROI Optimization for SMBs)...

Web Design for Small Businesses in 2023: What You Need to Know

Web Design for Small Businesses in 2023: What You Need to Know

Small businesses are the backbone of any economy and it's crucial for them to have an online presence in today's digital world. A website is the most effective way for small businesses to reach a wider audience and showcase their products and services. The importance...

Case Study: Web Design Of A Digital Marketing Agency in UK

Case Study: Web Design Of A Digital Marketing Agency in UK

Introduction:In today's digital age, having an effective online presence is essential for businesses of all sizes. For digital marketing agencies, this is especially true, as their success is largely dependent on their ability to showcase their skills and expertise...