NEW 199439
Force HSTS for sites that don't support HTTPS
https://bugs.webkit.org/show_bug.cgi?id=199439
Mykola Dekhtiarenko
Reported 2019-07-03 05:36:07 PDT
Here is the situation: there are two web pages on the same host but on different ports, and the first one has HTTPS and the other one doesn't. After visiting the one that has HTTPS it's impossible to reach the second one because Safari forces HTTPS for all of the web pages with the same host without considering the port.
Alexey Proskuryakov
Comment 1 2019-07-03 10:21:53 PDT
This sounds like how HSTS is supposed to work. What exactly do you see as a WebKit bug here?
Mykola Dekhtiarenko
Comment 2 2019-07-04 04:41:14 PDT
The problem here is that it's not the same site. One is the real system we are developing (this is the one that has HTTPS) and the other one is just some kind of mock system that provides different stubs for the third-party system we are using. This mock system has a web page that was made to configure its behavior, and after the first visit to the real system there is no way to reach the mock one because Safari forces HTTPS there. By the way, I checked this case on Chrome and Firefox and I was able to reach the mock one after visiting the one with the real system.
Brent Fulgham
Comment 3 2019-07-04 13:58:15 PDT
And the site is not setting the upgrade insecure request or HSTS headers? This could be due to a Safari feature that will preferentially visit the HTTPS version of the site once it knows it exists. Have you tried deleting website data for the origin?
Mykola Dekhtiarenko
Comment 4 2019-07-08 04:33:24 PDT
I have checked the responses and yes, the origin returns the "Strict-Transport-Security: max-age=31536000; includeSubDomains" header. I've deleted website data and it hasn't helped. To stop such behavior I should also delete the HSTS.plist file, but it works only until visiting the original one. If it's expected behavior, is there any switch or extension with which it's possible to turn it off for testing purposes? And I should mention this again: it behaves like that only in Safari, so I just wonder why it is different?
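Why the port makes no difference, as an added example that is not WebKit's code: the Python below implements the RFC 6797 rules for the header value quoted in comment 4, keying the policy store on the host name alone, so once https://app.example.test has sent the header, http://app.example.test:8080 is rewritten to https://app.example.test:8080 with the port preserved. The host names and the in-memory store are constructed for the example.

```python
from urllib.parse import urlsplit, urlunsplit

# Constructed stand-in for a browser's HSTS list: host name -> (expiry, includeSubDomains).
# RFC 6797 keys the policy on the host name alone; the port is not part of the key.
KNOWN_HSTS_HOSTS = {}

def parse_sts_header(value):
    """Return (max_age, include_subdomains) for a Strict-Transport-Security value, or None."""
    max_age, include_subdomains = None, False
    for directive in value.split(";"):
        name, _, arg = directive.strip().partition("=")
        name = name.strip().lower()
        if name == "max-age":
            arg = arg.strip().strip('"')
            if not arg.isdigit():
                return None  # malformed max-age: a UA ignores the whole header
            max_age = int(arg)
        elif name == "includesubdomains":
            include_subdomains = True
    return None if max_age is None else (max_age, include_subdomains)

def record_response(url, sts_value, now):
    """Store the policy a response carried; headers on plain-HTTP responses are ignored."""
    parts = urlsplit(url)
    parsed = parse_sts_header(sts_value)
    if parts.scheme != "https" or parsed is None:
        return False
    max_age, include_subdomains = parsed
    if max_age == 0:
        KNOWN_HSTS_HOSTS.pop(parts.hostname, None)  # max-age=0 revokes the policy
    else:
        KNOWN_HSTS_HOSTS[parts.hostname] = (now + max_age, include_subdomains)
    return True

def is_known_hsts_host(host, now):
    """Exact host match, or an ancestor domain whose unexpired policy has includeSubDomains."""
    labels = host.lower().split(".")
    for i in range(len(labels)):
        policy = KNOWN_HSTS_HOSTS.get(".".join(labels[i:]))
        if policy and policy[0] > now and (i == 0 or policy[1]):
            return True
    return False

def apply_hsts(url, now):
    """RFC 6797 8.3 rewrite: http -> https, port 80 -> 443, any other explicit port kept."""
    parts = urlsplit(url)
    if parts.scheme != "http" or not is_known_hsts_host(parts.hostname, now):
        return url
    netloc = parts.hostname if parts.port in (None, 80) else f"{parts.hostname}:{parts.port}"
    return urlunsplit(("https", netloc, parts.path, parts.query, parts.fragment))
```

Clearing the store (here the dict, in Safari the HSTS.plist file) only helps until the HTTPS origin is visited again and re-sends the header, which is the behaviour described in comment 4.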