Yes, sorry: the other piece is that NeverSSL wants to redirect to a new domain every time you visit to ensure that the page that you was actually loaded from the network and not from a cache, which a cached 301 to a fixed address wouldn't accomplish.

https://twitter.com/NeverSSL/status/1136488879106666496