I recently stumbled across a pretty cool, but also painful if you don’t know it, functionality within the HTTP/S protocol.
It is called HTST or HTTP Strict Transport Security. Basically it tells the browser over a header to request everything from this server only via HTTPS instead of HTTP.
The first request will set something like a cookie, but it is, depending on the browser, not a regular cookie. For example Safari stores this information in a file called HTST.plist.
The header sets a lifetime like for a cookie.
In my specific case, I had an entire server redirected to https by a rewrite rule, but one specific URL redirected to http. HTST avoided that drastically and it took me a few hours and some external help to figure this out.
Details about my case can be found here.