Install Config Wiki

All about installing, configuring and troubleshooting

User Tools

Site Tools

Trace: clear_hsts_strict_transport_security_domain_google_chrome
clear_hsts_strict_transport_security_domain_google_chrome

How to Clear HSTS Strict Transport Security for a Particular Domain URL in Google Chrome

Have you been prevented from visiting a site because Google Chrome web browser says it is insecure and displays a message regarding privacy? If you read more from that warning page, it may say something about strict transport security and HSTS. It may be that the server that is hosting the website that is configured for strict transport security for one or more of its hosts (i.e. website addresses), and that there is some sort of conflict among which host to serve to you through Chrome. If you click on insecure in the browser and check the invalid SSL certificate, it probably belongs to a different domain than the one you are trying to reach in your browser. So, how can I try to fix this?

Input to the address bar of Google Chrome the following: 

chrome://net-internals/#hsts

Query the Address of the Domain, Subdomain or Alias for which Chrome is having “privacy” concerns.

Then, in the “Delete” section of the net-internals page, now input the offending web Address, Domain, or Alias, and click the Delete button.

Now try reaching your website address.

How to Delete HSTS Settings in Chrome

How to Delete HSTS Settings in Chrome:

Navigate to 

chrome://net-internals/#hsts

This is Chrome’s User Interface for managing your browser’s local HSTS settings.

First, to confirm the domain’s HSTS settings are recorded by Chrome, type the hostname into the Query Domain section at the bottom of the page. Click Query. If the Query box returns Found with settings information, the domain’s HSTS settings are saved in your browser.

HSTS Settings Chrome

Note that this is a very sensitive search. Only enter the hostname, without a protocol or path, such as: 

www.example.com
or
example.com

However, depending on the HSTS settings provided by the site, you may need to specify the proper subdomain. For example, the HSTS settings for “hostname1.yourdomain.com” may be separate from “yourdomain.com” so you may need to repeat the steps as appropriate.

Next, type the same hostname into the Delete domain section and click the Delete button.

Hopefully, your browser will no longer force an HTTPS connection for that site. You can test if its working properly by refreshing or navigating to the page.

See Also: https://www.thesslstore.com/blog/clear-hsts-settings-chrome-firefox/

clear_hsts_strict_transport_security_domain_google_chrome.txt · Last modified: 2023/07/12 14:14 by wikiadmin