I think I found out:
The website is an .app domain, e.g.
domain.app. And these sites are by definition only https. Look here.
So it is still HSTS-related, but not on a single site, but for the whole “.app” TLD. And for that reason, I could not find the specific domain name listed in HSTS, and did not delete the HSTS.plist help.
Well, not sure if I should keep this question up. Maybe it helps others who encounter this.
Background: It was my own page. I moved it with others to a new server, and need to verify that they work with regular http. So I tested every site in http, and anything but this worked. So I assumed something was wrong with the browsers.
And not only Safari but also Firefox and Chrome will only do https.
Strange, though, by using another way to request the http site, such as the low-level command
wget, did not enforce the https requirement (they do not know about it, obviously), therefore it misled me into believing that the problem was a latent browser setting that I could fix.