TCP-Dump of failure on x86_64-darwin vs. aarch64
Failure (x86_64-darwin)
GET /
accept: */*
host: httpforever.com
<!DOCTYPE HTML>
<html>
<head>
<title>HTTP Forever</title>
<meta http-equiv="content-type" content="text/html; charset=utf-8" />
<meta name="description" content="A site that will always be available over HTTP!" />
<meta name="keywords" content="HTTP WiFi Captive Portal" />
<!--[if lte IE 8]><script src="css/ie/html5shiv.js"></script><![endif]-->
<script src="https://cdnjs.cloudflare.com/ajax/libs/jquery/3.3.1/jquery.min.js" integrity="sha256-FgpCb/KJQlLNfOu91ta32o/NMZxltwRo8QtmkMRdAu8=" crossorigin="anonymous"></script>
<script src="https://cdnjs.cloudflare.com/ajax/libs/skel/3.0.1/skel.min.js" integrity="sha256-3e+NvOq+D/yeJy1qrWpYkEUr6SlOCL5mHpc2nZfX74E=" crossorigin="anonymous"></script>
<script src="https://cdnjs.cloudflare.com/ajax/libs/skel-layers/2.2.1/skel.min.js" integrity="sha256-6xgf/CipbscdlAaUOAAlWVmpfPy9V5cQvZejxXSEfcw=" crossorigin="anonymous"></script>
<script src="js/init.min.js"></script>
<noscript>
<link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/skel-layers/2.2.1/skel.min.css" integrity="sha256-HoTbojxjAGIeiQMgAD2nqi6adFwcOUwoiPnr7mC7qBs=" crossorigin="anonymous" />
<link rel="stylesheet" href="css/style.min.css" />
<link rel="stylesheet" href="css/style-wide.min.css" />
</noscript>
<!--[if lte IE 8]><link rel="stylesheet" href="css/ie/v8.min.css" /><![endif]-->
</head>
<body class="landing">
<section id="banner">
<h2>HTTP FOREVER</h2>
<p>A reliably insecure connection</p>
</section>
<div class="wrapper style1">
<section class="container">
<header class="major">
<h2>Why does this site exist?</h2>
<p>This domain started out as my personal 'captive portal buster' but I wanted to publicise it for anyone to use. If you're on a train, in a hotel or bar, on a flight or anywhere that you have to login for WiFi, this site could help you!</p>
</header>
</section>
</div>
<div class="wrapper style2">
<section class="container">
<header class="major">
<h2>How does it work?</h2>
<p>If you connect to a WiFi hotspot whilst out and about, sometimes you have to login or accept Terms and Conditions. To do that the 'captive portal' has to intercept one of your requests and inject the login page for the WiFi. This usually results in a big, red warning from your browser which you should <b>never</b> click through! Instead, open a new tab in your browser and come here!</b></p>
</header>
</section>
</div>
<div class="wrapper style3">
<section class="container">
<header class="major">
<h2>Can I use it?</h2>
<p>Yes! Anyone is free to use or link to this site, just make sure you're always on the HTTP version: <a href="http://httpforever.com">http://httpforever.com</a></p>
</header>
</section>
</div>
<div class="wrapper style1">
<section class="container 75%">
<header class="major">
<h2>Who built this?</h2>
<p>This site was built by Scott Helme, a security researcher trying to help make the web more secure.</p>
</header>
<div id="contact" class="box">
<div class="row uniform">
<div class="6u">
<ul class="labeled-icons">
<li>
<h3 class="icon fa-twitter"><span class="label">Twitter</span></h3>
<a href="https://twitter.com/Scott_Helme" target="_blank">twitter.com/Scott_Helme</a>
</li>
<li>
<h3 class="icon fa-facebook"><span class="label">Facebook</span></h3>
<a href="https://www.facebook.com/scott.helme" target="_blank">facebook.com/scott.helme</a>
</li>
<li>
<h3 class="icon fa-linkedin"><span class="label">LinkedIn</span></h3>
<a href="https://www.linkedin.com/in/scotthelme/">linkedin.com/in/scotthelme</a>
</li>
</ul>
</div>
<div class="6u">
<ul class="labeled-icons">
<li>
<h3 class="icon fa-globe"><span class="label">Website</span></h3>
<a rel="author" href="https://scotthelme.co.uk">scotthelme.co.uk</a>
</li>
<li>
<h3 class="icon fa-github"><span class="label">GitHub</span></h3>
<a href="https://github.com/ScottHelme">github.com/ScottHelme</a>
</li>
<li>
<h3 class="icon fa-youtube"><span class="label">YouTube</span></h3>
<a href="https://www.youtube.com/user/ScottHelme">youtube.com/user/ScottHelme</a>
</li>
</ul>
</div>
</div>
</div>
</section>
</div>
<footer id="footer">
<div class="copyright">
Created By Scott Helme - License <a href="https://creativecommons.org/licenses/by-sa/4.0/">CC BY-SA 4.0</a> - <a href="https://scotthelme.co.uk/" rel="author">scotthelme.co.uk</a><br/>
Check out my other projects like <a href="https://report-uri.com">Report URI</a>, <a href="https://securityheaders.com">Security Headers</a> and <a href="https://crawler.ninja">Crawler.Ninja</a>.
</div>
</footer>
</body>
</html>Success (aarch64)
GET / HTTP/1.1
accept: */*
host: httpforever.com
HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Thu, 22 May 2025 18:59:25 GMT
Content-Type: text/html
Content-Length: 5124
Last-Modified: Wed, 22 Mar 2023 14:54:48 GMT
Connection: keep-alive
ETag: "641b16b8-1404"
Referrer-Policy: strict-origin-when-cross-origin
X-Content-Type-Options: nosniff
Feature-Policy: accelerometer 'none'; camera 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; payment 'none'; usb 'none'
Content-Security-Policy: default-src 'self'; script-src cdnjs.cloudflare.com 'self'; style-src cdnjs.cloudflare.com 'self' fonts.googleapis.com 'unsafe-inline'; font-src fonts.googleapis.com fonts.gstatic.com cdnjs.cloudflare.com; frame-ancestors 'none'; report-uri https://scotthelme.report-uri.com/r/d/csp/enforce
Accept-Ranges: bytes
<!DOCTYPE HTML>
<html>
<head>
<title>HTTP Forever</title>
<meta http-equiv="content-type" content="text/html; charset=utf-8" />
<meta name="description" content="A site that will always be available over HTTP!" />
<meta name="keywords" content="HTTP WiFi Captive Portal" />
<!--[if lte IE 8]><script src="css/ie/html5shiv.js"></script><![endif]-->
<script src="https://cdnjs.cloudflare.com/ajax/libs/jquery/3.3.1/jquery.min.js" integrity="sha256-FgpCb/KJQlLNfOu91ta32o/NMZxltwRo8QtmkMRdAu8=" crossorigin="anonymous"></script>
<script src="https://cdnjs.cloudflare.com/ajax/libs/skel/3.0.1/skel.min.js" integrity="sha256-3e+NvOq+D/yeJy1qrWpYkEUr6SlOCL5mHpc2nZfX74E=" crossorigin="anonymous"></script>
<script src="https://cdnjs.cloudflare.com/ajax/libs/skel-layers/2.2.1/skel.min.js" integrity="sha256-6xgf/CipbscdlAaUOAAlWVmpfPy9V5cQvZejxXSEfcw=" crossorigin="anonymous"></script>
<script src="js/init.min.js"></script>
<noscript>
<link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/skel-layers/2.2.1/skel.min.css" integrity="sha256-HoTbojxjAGIeiQMgAD2nqi6adFwcOUwoiPnr7mC7qBs=" crossorigin="anonymous" />
<link rel="stylesheet" href="css/style.min.css" />
<link rel="stylesheet" href="css/style-wide.min.css" />
</noscript>
<!--[if lte IE 8]><link rel="stylesheet" href="css/ie/v8.min.css" /><![endif]-->
</head>
<body class="landing">
<section id="banner">
<h2>HTTP FOREVER</h2>
<p>A reliably insecure connection</p>
</section>
<div class="wrapper style1">
<section class="container">
<header class="major">
<h2>Why does this site exist?</h2>
<p>This domain started out as my personal 'captive portal buster' but I wanted to publicise it for anyone to use. If you're on a train, in a hotel or bar, on a flight or anywhere that you have to login for WiFi, this site could help you!</p>
</header>
</section>
</div>
<div class="wrapper style2">
<section class="container">
<header class="major">
<h2>How does it work?</h2>
<p>If you connect to a WiFi hotspot whilst out and about, sometimes you have to login or accept Terms and Conditions. To do that the 'captive portal' has to intercept one of your requests and inject the login page for the WiFi. This usually results in a big, red warning from your browser which you should <b>never</b> click through! Instead, open a new tab in your browser and come here!</b></p>
</header>
</section>
</div>
<div class="wrapper style3">
<section class="container">
<header class="major">
<h2>Can I use it?</h2>
<p>Yes! Anyone is free to use or link to this site, just make sure you're always on the HTTP version: <a href="http://httpforever.com">http://httpforever.com</a></p>
</header>
</section>
</div>
<div class="wrapper style1">
<section class="container 75%">
<header class="major">
<h2>Who built this?</h2>
<p>This site was built by Scott Helme, a security researcher trying to help make the web more secure.</p>
</header>
<div id="contact" class="box">
<div class="row uniform">
<div class="6u">
<ul class="labeled-icons">
<li>
<h3 class="icon fa-twitter"><span class="label">Twitter</span></h3>
<a href="https://twitter.com/Scott_Helme" target="_blank">twitter.com/Scott_Helme</a>
</li>
<li>
<h3 class="icon fa-facebook"><span class="label">Facebook</span></h3>
<a href="https://www.facebook.com/scott.helme" target="_blank">facebook.com/scott.helme</a>
</li>
<li>
<h3 class="icon fa-linkedin"><span class="label">LinkedIn</span></h3>
<a href="https://www.linkedin.com/in/scotthelme/">linkedin.com/in/scotthelme</a>
</li>
</ul>
</div>
<div class="6u">
<ul class="labeled-icons">
<li>
<h3 class="icon fa-globe"><span class="label">Website</span></h3>
<a rel="author" href="https://scotthelme.co.uk">scotthelme.co.uk</a>
</li>
<li>
<h3 class="icon fa-github"><span class="label">GitHub</span></h3>
<a href="https://github.com/ScottHelme">github.com/ScottHelme</a>
</li>
<li>
<h3 class="icon fa-youtube"><span class="label">YouTube</span></h3>
<a href="https://www.youtube.com/user/ScottHelme">youtube.com/user/ScottHelme</a>
</li>
</ul>
</div>
</div>
</div>
</section>
</div>
<footer id="footer">
<div class="copyright">
Created By Scott Helme - License <a href="https://creativecommons.org/licenses/by-sa/4.0/">CC BY-SA 4.0</a> - <a href="https://scotthelme.co.uk/" rel="author">scotthelme.co.uk</a><br/>
Check out my other projects like <a href="https://report-uri.com">Report URI</a>, <a href="https://securityheaders.com">Security Headers</a> and <a href="https://crawler.ninja">Crawler.Ninja</a>.
</div>
</footer>
</body>
</html>