Differences

This shows you the differences between two versions of the page.

--- hsts:clear_hsts [2016/07/01 14:24] – peter
+++ hsts:clear_hsts [2019/11/29 16:21] (current) – removed peter
@@ Line 1: / Line 1: @@
-====== Clear HSTS ======
-Once a browser or client is presented with the HSTS policy, it caches the information for the specified **max-age** period.  During that period, the browser will refuse to access the web service over unencrypted HTTP, and will refuse to grant exceptions to certificate errors.
-If the **includeSubDomains** parameter was specified for an HSTS policy, these restrictions will also apply to all subdomains of the current domain.
-It’s practically impossible to back out an HSTS policy.  When you test HSTS, use a very short **max-age** timeout and ensure you’re comfortable with the effects and the obligation to maintain an HTTPS version of your site.  When you first go live with your HSTS policy, keep **max-age** small and increase it only when you’re confident about doing so.
-The cache time comes from the origin/site HSTS header, which is set with something like <code bash>Strict-Transport-Security: max-age=16070400; includeSubDomains; always</code>
-This setting will continue to pass the HSTS header, unless it is disabled.
-To disable HSTS for clients and wipe out their redirects use <code bash>Strict-Transport-Security: max-age=0;</code>
-Specifying a zero time duration signals the UA to delete the HSTS Policy (including any asserted **includeSubDomains** directive) for that HSTS Host.
-===== Clear HSTS in Firefox =====
-Error code: "**ssl_error_bad_cert_domain**".
-If you see "**I understand the risks**", follow those instructions. Otherwise:
-  - Close all open tabs related to the site your are experiencing an issue with.
-  - Clear your history by clicking the menu and selecting the circular clock icon labeled "**History**".
-  - Select the button that says "**Clear Recent History**".
-  - In the menu that appears next to "**Time range to clear:**" click the drop-down and select "**Everything**".
-  - Click "Clear Now" and close the menu.
-  - In the address bar type about:permissions and press the **Enter** key.
-  - On the top left hand side find the box with a magnifying glass with the text "**Search Sites**".  Click into the box and enter the name of the site you are experiencing issues with.
-  - In the list directly beneath the search window click on the site name and then click the button in the top right hand corner labeled "**Forget About This Site**".
-===== Clear HSTS in Google Chrome =====
-Error message "**Cannot connect to the real <domain name>.**"
-  - In the address bar, type **<nowiki>chrome://net-internals/#hsts</nowiki>**.
-  - Type the domain name in the text field below "**Delete domain**".
-  - Click the "**Delete**" button.
-  - Type the domain name in the text field below "**Query domain**".
-  - Click the "**Query**" button.
-  - Your response should be "**Not found**".
-===== Clear HSTS in Opera =====
-Error message "**Cannot connect to the real <domain name>.**"
-  - In the address bar, type **<nowiki>chrome://net-internals/#hsts</nowiki>**.
-  - Type the domain name in the text field below "**Delete domain**".
-  - Click the "**Delete**" button.
-  - Type the domain name in the text field below "**Query domain**".
-  - Click the "**Query**" button.
-  - Your response should be "**Not found**".
-===== Clear HSTS in Safari =====
-  - Close Safari.
-  - Delete the **~/Library/Cookies/HSTS.plist** file.
-  - Reopen Safari