If you ever set SSL on parts of your site and later change your mind, you may run into trouble to revert to non-SSL. Of course, you have cleared your browser cache. In Firefox you have also right-clicked on the site name in your history and chose “Forget about this site” while no tab had the site opened. But when you type the non-https address, the browser still redirects you to https://

What’s even worse: you set a redirect like this in your .htaccess

## Disable https on public site. Force redirect to http.
RewriteCond %{HTTPS}       on
RewriteCond %{REQUEST_URI} !^(.*)/administrator/(.*)$ [NC]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d [OR]
RewriteCond %{REQUEST_URI} .
RewriteRule (.*) http://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

And then you screw the browser completely in an infinite loop. Ugly ain’t it?

Well, for one thing it probably occurs only in those browsers which have visited the page while https was on. If you just tested for a short period of time, this could be just yours. But still, you need to solve the problem. Try inserting the following line in your .htaccess (above the previous redirect block if using it).

## Unset
Header set Strict-Transport-Security "max-age=0"

If that works and you want to know why, read on here.