Chrome adds weird HTTPS:1 header to all requests
Most likely those sites that you are having problems with are running server code that incorrectly interprets the HTTPS: 1
request header. For example the Wordpress WooCommerce plugin, which is running on about 900,000 sites, has buggy code that incorrectly handles the HTTPS: 1
header. See their latest patch document here: https://woocommerce.wordpress.com/2015/07/07/woocommerce-2-3-13-security-and-maintenance-release/
There is a similar post on StackOverflow: https://stackoverflow.com/questions/31565155/wordpress-woocommerce-forces-https-when-it-shouldnt/31570584#31570584
To give more detail: Chrome has implemented the Upgrade Insecure Requests specification from the World Wide Web Consortium (W3C). Section 3.2.1 of that specification is The Upgrade-Insecure-Requests HTTP Request Header Field which states
3.2.1. The Upgrade-Insecure-Requests HTTP Request Header Field
The Upgrade-Insecure-Requests HTTP request header field sends a signal to the server expressing the client’s preference for an encrypted and authenticated response, and that it can successfully handle the upgrade-insecure-requests directive in order to make that preference as seamless as possible to provide.
This preference is represented by the following ANBF:
"Upgrade-Insecure-Requests:" *WSP "1" *WSP
Sites like those running the WooCommerce plugin in Wordpress are incorrectly rewriting all the URLs in the response as https:\\
links if the HTTPS: 1
header was set in a non-secure (http) request.
As an end user of that site, the only easy work around is to use a browser other than Chrome until those web sites are repaired
Apparently a bug in version 44, seems to be fixed in the latest update. I'm now using 44.0.2403.107 and the problem seems to gone away.
More information here: http://www.zdnet.com/article/brand-new-chrome-44-release-added-a-bug/
its more than just wocommerce, its all of wordpress that is going haywire causing bad css, images and etc.
add this to near the top of your wp-config.php to remove it
if($_SERVER['HTTP_HTTPS'] && !$_SERVER['HTTPS'])
{ unset($_SERVER['HTTP_HTTPS']);
}