sfw/fix
Safari: too many redirects high

Safari: "Can't Open the Page — Too Many Redirects Occurred"

Safari hit a redirect loop — two rules bouncing a request back and forth — and gave up after the hop limit.

What you see

Safari Can't Open the Page
Too many redirects occurred trying to open "https://example.com".
This might occur if you open a page that is redirected to open another page which then is redirected to open the original page.

What’s actually happening

The page never loads in Safari and you get the "too many redirects" wording. Chrome shows the same thing as ERR_TOO_MANY_REDIRECTS, Firefox says "The page isn't redirecting properly." It often looks intermittent because a cached redirect or a cookie keeps the loop alive even after you change a rule. curl -IL the URL and you'll watch it ping-pong between two locations forever.

Common causes

  • Two redirect rules fighting: one forces https://www, another forces the non-www apex, so A→B→A→B.
  • Cloudflare set to Flexible SSL while the origin also 301s HTTP→HTTPS — Cloudflare talks HTTP to the origin, origin redirects to HTTPS, Cloudflare re-requests over HTTP, loop.
  • A canonical-host plugin (WordPress 'Site Address' vs 'WordPress Address' mismatch, or Really Simple SSL) redirecting against a server-level rule.
  • A trailing-slash rule that adds a slash and another that strips it, each undoing the other.
  • A login/auth redirect that sends unauthenticated users to /login, while /login itself requires auth and redirects back.

How to fix it

  1. Trace the loop with curlRun curl -sIL https://example.com and read the chain of Location headers. The two URLs it alternates between are your fighting rules. Do it for http:// and https://, with and without www, so you see every variant.
  2. Fix Cloudflare SSL modeIn Cloudflare SSL/TLS, switch Flexible to Full (strict) once the origin has a valid cert. Flexible is the classic cause: it terminates TLS at the edge and hits your origin over plain HTTP, which your origin then redirects to HTTPS. Either set Full or remove the origin's HTTP→HTTPS redirect, not both.
  3. Pick one canonical host and one schemeDecide www vs non-www and HTTPS-only, then enforce it in exactly one place. If Cloudflare Page Rules / Redirect Rules handle it, remove the duplicate .htaccess or nginx redirect (and vice versa). Two layers each doing it is what creates A→B→A.
  4. Clear cache and cookies to confirmBrowsers cache 301s hard. Test in a Private window or after Develop > Empty Caches in Safari. If it loads clean there but loops in your normal window, it was a cached 301 — the rule is already fixed, you're seeing history.
  5. Check app-level canonical settingsOn WordPress, confirm Settings > General Site Address and WordPress Address agree and match your chosen host. Disable redirect plugins one at a time. On Rails/Django, check force_ssl / SECURE_SSL_REDIRECT isn't doubling a proxy redirect.

Stop it recurring

Force scheme and host in exactly one layer — edge or origin, never both — and set Cloudflare to Full (strict).

Related errors

308 Permanent Redirect Stuck / Cached

medium

A 308 is cached as hard as a 301 by browsers and CDNs, so a wrong one keeps serving long after you fix the origin.

Canonical Points to a Redirecting URL

medium

The rel=canonical names a URL that itself redirects, giving Google a conflicting signal it may ignore in favor of its own pick.

ERR_TOO_MANY_REDIRECTS (Redirect Loop)

critical

A redirect loop sends the browser bouncing between URLs forever until it gives up — taking the page down entirely.

Soft 404 (200 OK on a Missing Page)

medium

A page that no longer exists returns HTTP 200 instead of 404, so 'not found' content gets served as success.