How to clear HSTS settings in Chrome and Firefox

The last time I played around with a website, I tried to configure HSTS (HTTP Strict Transport Security) and somehow managed to lock myself out of it, getting an SSL error. In my case, using Chromium, I got “Privacy error: Your connection is not private” (NET::ERR_CERT_AUTHORITY_INVALID). But accessing the website from another browser or my mobile phone worked like a charm, so it made me suspicious. Since configuring the HSTS setting on my web server gave me a clue that the HSTS settings are also saved on the client side, I started to dig into my web browser settings until I found out the following:

Chrome/Chromium

  1. Make sure to close all tabs
  2. Go to the network internals page of your browser by typing “chrome://net-internals/#hsts” into the address bar.
  3. Type the domain name into the “Query domain” text field and click the corresponding button to check whether settings are present for your domain.
  4. If so, enter the same domain in the “Delete domain” text field and click the button beside it.
  5. If you now check again with the “Query domain” field, you should get “Not found” as the answer.

Firefox

  1. Make sure to close all tabs
  2. Open your browser settings and go to “History” -> “Show complete history”
  3. Search for the page you want to delete the HSTS settings for and right click on it
  4. Select “Forget About This Site” (This option will remove everything saved locally in your browser including cookies, saved passwords etc.)