It's not, the HTTPS site has the HSTS header, so your browser will always redirect to the HTTPS version even if you try the plaintext port. Gotta clear your browser cache, or try another browser.
It allows servers to specify that browsers should never even attempt to make an unencrypted request to the site and instead silently convert any such requests to encrypted requests.
This header is good for security but it’s also convenient for old sites that don’t want to update their existing links. They can upgrade the whole site to HTTPS without any content changes.
That stands for HTTP Strict Transport Security. It's an HTTP header that basically tells your browser to only connect to this website via HTTPS/TLS for a configurable amount of time.
It's a protection mechanism that prevents encryption-stripping man-in-the-middle attacks.
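The behaviour described in this thread, modelled as a small HSTS store; this is an added example, not part of any of the posts, and it simplifies what a real browser does. `HstsStore`, `noteResponse` and `rewrite` are hypothetical names, and `example.test` is a constructed host.

```javascript
// Simplified model of a browser's HSTS store (added example).
// HstsStore, noteResponse and rewrite are hypothetical names, not a browser API.
class HstsStore {
  constructor() {
    this.entries = new Map(); // host -> { expires (ms), includeSubDomains }
  }

  // Record a Strict-Transport-Security header. It is honoured only on HTTPS responses.
  noteResponse(url, headerValue, now) {
    const u = new URL(url);
    if (u.protocol !== "https:" || !headerValue) return false;
    let maxAge = null;
    let includeSubDomains = false;
    for (const part of headerValue.split(";")) {
      const [name, raw = ""] = part.trim().split("=");
      const key = name.trim().toLowerCase();
      if (key === "max-age") {
        const v = raw.trim().replace(/^"|"$/g, "");
        if (/^\d+$/.test(v)) maxAge = Number(v);
      } else if (key === "includesubdomains") {
        includeSubDomains = true;
      }
    }
    if (maxAge === null) return false; // max-age is required; ignore the header without it
    if (maxAge === 0) {
      this.entries.delete(u.hostname); // max-age=0 removes the stored policy
    } else {
      this.entries.set(u.hostname, { expires: now + maxAge * 1000, includeSubDomains });
    }
    return true;
  }

  // Return the URL that would actually be requested at time `now` (ms).
  rewrite(url, now) {
    const u = new URL(url);
    if (u.protocol !== "http:") return u.href;
    const labels = u.hostname.split(".");
    for (let i = 0; i < labels.length; i++) {
      // i === 0 is an exact host match; i > 0 is a parent domain, which only
      // applies when that parent's policy set includeSubDomains.
      const e = this.entries.get(labels.slice(i).join("."));
      if (e && e.expires > now && (i === 0 || e.includeSubDomains)) {
        u.protocol = "https:"; // silent upgrade, no plaintext request is sent
        return u.href;
      }
    }
    return u.href;
  }
}
```

An empty store corresponds to the cleared cache or fresh browser mentioned in the first reply: `rewrite` returns the `http://` URL unchanged until an HTTPS response has set the policy.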