Multi-CDN failover sent users to a non-HTTPS origin causing mixed-content errors and the failover healthcheck that enforced TLS

As the web grows more complex and performance expectations rise, using multiple Content Delivery Networks (CDNs) has become a common strategy for increasing availability, improving load times, and guarding against outages. However, when not implemented carefully, multi-CDN setups can introduce new problems—ones that unexpectedly impact user experience and compromise security. One such incident involved a failover scenario in a multi-CDN configuration that began routing users to a HTTP origin despite the primary site being HTTPS-only. This led to widespread mixed-content errors and client-side asset failures.

TL;DR

When a healthcheck-triggered failover in a multi-CDN configuration switched traffic to a secondary CDN,