It seems to be a caching problem. Maybe this is some configuration.
I found the "Must-revalidate" field in the response that might be considering the redirect page as the same page.
HTTP/1.1 503 Service Unavailable
Date: Mon, 06 Mar 2017 13:32:13 GMT
Content-Type: text/html; charset=UTF-8
X-XSS-Protection: 1; mode=block
4b6 --- Its the response body, 4b6 is seems a part of the CloudFlare cache code, I searched here and did not find any of my requests that had this cache.
*. If the response includes the "must-revalidate" cache-control
Directive, the cache MAY use that response in replying to
Subsequent request. But if the response is stale, all caches
MUST first revalidate it with the origin server, using the
Request-headers from the new request to allow the origin server
To authenticate the new request.
Try using only no-store and no-cache.
Also, POST requests are not being redirected to HTTPS, Only the links have been modified to https. Probably because of the IPS configuration.
I got it on the POST request:
HTTP/1.1 200 OK
Date: Mon, 06 Mar 2017 13:20:50 GMT
Set-Cookie: __cfduid=----; expires=Tue, 06-Mar-18 13:20:49 GMT; path=/; domain=.xat.com; HttpOnly
Set-Cookie: ips4_IPSSessionFront=SOMESESSION; path=/; secure; HttpOnly
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
I do not know if the problem is the Cloudflare, But you shall check it HERE .