Over a year ago, we covered a topic that is rare, 307 redirects when it goes over HSTS, HTTP Strict Transport Security.
When we migrated this site over to HTTPS, we went really strict and uses HSTS and I saw that the redirect was a 307 from the non HTTP to the HTTPS of this site. Why?
John Mueller said on Google+:
HTTPS HSTS: 301, 302, or 307? If the combination of these letters numbers mean anything to you, you might be curious to know why Chrome shows you a 307 redirect for HSTS pages.
In the end, it’s pretty easy. After seeing the HTTPS URL with the HSTS header (for example, with any redirect from the HTTP version), Chrome will act like it’s seeing a 307 redirect the next time you try to access the HTTP page. Your server’s not returning a 307, Chrome is just showing it to you as such to explain that it’s doing the redirect for you. You can confirm that by looking at the size of the response — 0 bytes for the 307 “redirect.” In other words, the 307 isn’t actually a redirect at all, it’s just a placeholder.
Zineb from Google explained on Twitter:
With HSTS implemented, Googlebot sees a 301 redirect (try it with Fetch as Google).
The 307 is just an “internal redirect”. The browser basically decides to not even try to call the HTTP version
It uses the 307 “internal redirect” to go directly to the HTTPS version, without talking to the server. #HSTS
So here are screen shots showing this in action for this site.
Here is how Google Search Console Fetch as Google sees it, i.e. a 301 redirect:
Here is how a normal redirect checker in your browser sees it, i.e. as a 307: