Well this one freaks me out. I used a Http Header check tool to check the headers of my webpage and guess what. In every request the response was 302 instead of 200.
domain.con
www.domain.con
http://www.domain.con
So, am i missing something here? I have not placed any redirect in any way.
So where the f#$% my website redirects? Is there a security hole?
UPDATE: While googling found this one
Are you using forms authentication? and log in page is some other page than the default page say auth.aspx? If this is the case then you will allways get 302 code and the page will be redirected to login page.
You are getting this because .net/IIS redirects your www.domain.com or domain.com to www.domain.com/default.aspx, so you get a header with 302 and then one for 200. I think this is by design but very confusing.
domain.com
is not the same aswww.domain.com
- that's a redirect.Maybe a case of this:
302 Found
This is the most popular redirect code, but also an example of industrial practice contradicting the standard. HTTP/1.0 specification (RFC 1945) required the client to perform a temporary redirect (the original describing phrase was "Moved Temporarily"), but popular browsers implemented 302 with the functionality of a 303 See Other. Therefore, HTTP/1.1 added status codes 303 and 307 to distinguish between the two behaviours. However, the majority of Web applications and frameworks still use the 302 status code as if it were the 303.
303 See Other (since HTTP/1.1)
The response to the request can be found under another URI using a GET method. When received in response to a PUT, it should be assumed that the server has received the data and the redirect should be issued with a separate GET message.
http://en.wikipedia.org/wiki/List_of_HTTP_status_codes
In ASP.Net we can redirect by using Response.Redirect & Server.Transfer. If we go with server.Transfer the status code 302 will never hit & directly hits the 200. If we go with Response.Redirect it passes from 302 to 200 as response.. Which is nothing but roundtrip.
It's possible that you forgot to add a final slash to the end of your URL. Most webservers will redirect you to the "canonical" location that includes the slash. If you include the slash, you may get the response you're looking for.