HSTS Off

Allow HSTS to expire (Option One)

  1. Turn off Strict HTTPS (HTTP Strict Transport Security) within the Web Server Settings.

  2. Configure the Web Server Settings to have HTTP turned off and HTTPS on.

  3. Continue to use HTTPS and wait for each affected browser's HSTS entry to expire after 7 days.

  4. Enable HTTP within the Web Server Settings.

 Affected browsers cannot access the domain under an HTTP-only configuration if the steps above are not applied.
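
Added example (not part of the original page or the product's own code): a Python sketch for step 3 that checks a fresh HTTPS response no longer carries the Strict-Transport-Security header and computes the earliest time HTTP can be re-enabled. The function names, the sample headers and the value max-age=604800 (inferred from the 7-day expiry above) are assumptions.

```python
from datetime import datetime, timedelta, timezone

HEADER = "strict-transport-security"


def parse_max_age(value):
    """Return max-age in seconds from an HSTS header value, or None if invalid."""
    found = None
    for directive in value.split(";"):
        name, _, arg = directive.strip().partition("=")
        if name.strip().lower() != "max-age":
            continue  # other directives (e.g. includeSubDomains) do not affect expiry
        arg = arg.strip().strip('"')
        if found is not None or not (arg.isascii() and arg.isdigit()):
            return None  # repeated or non-numeric max-age: browsers ignore the header
        found = int(arg)
    return found


def http_safe_after(current_headers, old_value, hsts_turned_off_at):
    """Earliest time HTTP can be re-enabled (step 4).

    current_headers: headers of a fresh HTTPS response from the server.
    old_value: the header value the server sent while Strict HTTPS was on.
    hsts_turned_off_at: when step 1 was applied (timezone-aware datetime).
    Returns None if the header is still served or old_value cannot be parsed.
    """
    if any(k.lower() == HEADER for k in current_headers):
        return None  # header still served: every visit restarts the browser's timer
    max_age = parse_max_age(old_value)
    if max_age is None:
        return None
    # A browser that visited just before step 1 holds its entry for a full max-age.
    return hsts_turned_off_at + timedelta(seconds=max_age)


if __name__ == "__main__":
    # Constructed sample data; max-age=604800 is assumed from the 7-day expiry.
    off_at = datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc)
    fresh_response = {"Content-Type": "text/html"}
    print(http_safe_after(fresh_response, "max-age=604800", off_at))
```

Browsers refresh the entry on every HTTPS response that carries the header, so the wait is counted from the moment the header stops being sent, not from a browser's first visit.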

 

Manually clear the domain from each browser's HSTS list (Option Two)

  1. Turn off Strict HTTPS (HTTP Strict Transport Security) within the Web Server Settings.

  2. Configure the Web Server Settings to have HTTP turned off and HTTPS on.

  3. Each browser that accessed the web server while HSTS was enabled is affected and needs the following steps:

Chrome

    1. Open Google Chrome.
    2. Enter chrome://net-internals/#hsts in the address bar.
    3. Enter the domain name under the Query HSTS/PKP Domain section and search.
    4. Copy the domain name that needs to be removed and enter it under the Delete Domain Security Policies section.

Firefox

    1. Open Mozilla Firefox.
    2. Open the browsing History.
    3. Right-click the domain that needs to be removed and select Forget About This Site (all data for this site will be removed).

Safari

    1. Close Safari.
    2. Delete the ~/Library/Cookies/HSTS.plist file.

Edge

    1. Open Microsoft Edge.
    2. Go to Settings.
    3. Go to the Privacy & Security tab.
    4. Select Choose what to clear.
    5. Ensure Cached data and files is checked.
    6. Click Clear.

  4. Enable HTTP within the Web Server Settings.

 Affected browsers cannot access the domain under an HTTP-only configuration if the steps above are not applied.

 

Related Topics

Web Server Settings