Https visitor actions showing on https-only site


Haven’t been able to figure this out, but maybe I’m just missing some knowledge on how HTTP works.

A few weeks ago I moved a site to HTTPS only. That is, if any http:// address is entered, it will be redirected to https://. I tested this a few times, I really believe that nothing can actually be loaded via plain http.

What’s puzzling to me is that the Piwik visitor log has both http:// and https:// page loads. Even more interestingly, some visitors have both http:// and https:// page loads, mixed.

How is this possible?

Maybe if the user arrived through http:// and then clicks a relative link (like a <href="/contact"> ), a browser will put in the HTTP referrer with the original protocol, even if in the meanwhile it was redirected to HTTPs?