Explicit no-SSL stance you can trust

This endpoint exists for one purpose: stay on classic HTTP so captive portals reveal themselves. There are no surprise upgrades, HSTS headers, or certificate detours.

Teams rely on it when they need a deterministic NeverSSL clone that is actively maintained and monitored for uptime.

• Primary host explicitly avoids TLS handshakes.
• Lightweight markup loads on e-readers, consoles, and kiosks.
• Status banner confirms “Unsecure connection” so users know it worked.

Diagnostics beyond the legacy NeverSSL splash

While the page remains plain HTTP, it also gives you concrete evidence of what the network sees so you can troubleshoot confidently.

• Instant curl response that prints your public IP only (run `curl http://nossl.sh`).
• Copy-ready table of headers for tickets and incident timelines.
• Live counters showing HTTP vs HTTPS hits plus SEO landings.

Useful extras for ops teams

nossl.sh adds operational context without breaking the all-HTTP contract meant to mimic NeverSSL.

• Check `/api/request-info` to script public IP checks in tooling.
• Monitor the honeypot console to see automated scanners that hit your network.
• Use the sitemap of SEO pages to document specific onboarding scenarios for travelers.

Does nossl.sh ever force HTTPS?

No. The main helper endpoint stays on HTTP by design so captive portals cannot dodge it. A separate HTTPS preview exists, but the default route never upgrades.

How reliable is this NeverSSL alternative?

The project is monitored 24/7, deployed across redundant regions, and backed by simple service checks so travelers and ops teams can trust it in the field.