The http://www.domain.com:2082/unprotected/redirect.html is an iframe that attempts to meta-refresh the browser into http://www.domain.com:2082/. If that fails the browser will try to load http://cpanel.domain.com.

The /unprotected/redirect.html URL doesn't really have anything to do with the security of the connection itself. Files in /unprotected/ are served by cpsrvd without requiring a login (which is essential to get the iframe before a login takes place.)

If you'd rather that http://domain.com/cpanel sends users to https://www.domain.com:2083 you need to turn on the relevant option in TweakSettings ... "Always redirect users to the ssl/tls ports when visiting /cpanel, /webmail, etc."

Whether or not SSL is used with the secondary redirect to http://cpanel.domain.com depends on the existence of a SSL VirtualHost on the same IP address.

This secondary redirect is only attempted if Proxy VirtualHost support is enabled in TweakSettings. When Proxy VirtualHosts are not enabled, the /cpanel redirect script will just issue a HTTP redirect as it did in the past without any iframe/javascript/etc.

There are a few fixes related to this flow of redirect logic that are currently only in Edge, but they should be in the other 11.23 branches soon.