====== Ubuntu - HTST - Clear HSTS ======

Once a browser or client is presented with the HSTS policy, it caches the information for the specified **max-age** period.  During that period, the browser will refuse to access the web service over unencrypted HTTP, and will refuse to grant exceptions to certificate errors. 

If the **includeSubDomains** parameter was specified for an HSTS policy, these restrictions will also apply to all subdomains of the current domain.

It’s practically impossible to back out an HSTS policy.  When you test HSTS, use a very short **max-age** timeout and ensure you’re comfortable with the effects and the obligation to maintain an HTTPS version of your site.  When you first go live with your HSTS policy, keep **max-age** small and increase it only when you’re confident about doing so.

The cache time comes from the origin/site HSTS header, which is set with something like <code bash>Strict-Transport-Security: max-age=16070400; includeSubDomains; always;</code>

This setting will continue to pass the HSTS header, unless it is disabled.

To disable HSTS for clients and wipe out their redirects use <code bash>Strict-Transport-Security: max-age=0;</code>

Specifying a zero time duration signals the UA to delete the HSTS Policy (including any asserted **includeSubDomains** directive) for that HSTS Host.


===== Clear HSTS in Firefox =====

Error code: "**ssl_error_bad_cert_domain**".

If you see "**I understand the risks**", follow those instructions. Otherwise:

  - Close all open tabs related to the site your are experiencing an issue with.
  - Clear your history by clicking the menu and selecting the circular clock icon labeled "**History**".
  - Select the button that says "**Clear Recent History**".
  - In the menu that appears next to "**Time range to clear:**" click the drop-down and select "**Everything**".
  - Click "Clear Now" and close the menu.
  - In the address bar type about:permissions and press the **Enter** key.
  - On the top left hand side find the box with a magnifying glass with the text "**Search Sites**".  Click into the box and enter the name of the site you are experiencing issues with.
  - In the list directly beneath the search window click on the site name and then click the button in the top right hand corner labeled "**Forget About This Site**".





===== Clear HSTS in Google Chrome =====

Error message "**Cannot connect to the real <domain name>.**"

  - In the address bar, type **<nowiki>chrome://net-internals/#hsts</nowiki>**. 
  - Type the domain name in the text field below "**Delete domain**".
  - Click the "**Delete**" button.
  - Type the domain name in the text field below "**Query domain**".
  - Click the "**Query**" button.
  - Your response should be "**Not found**".



===== Clear HSTS in Opera =====

Error message "**Cannot connect to the real <domain name>.**"

  - In the address bar, type **<nowiki>chrome://net-internals/#hsts</nowiki>**.
  - Type the domain name in the text field below "**Delete domain**".
  - Click the "**Delete**" button.
  - Type the domain name in the text field below "**Query domain**".
  - Click the "**Query**" button.
  - Your response should be "**Not found**".


===== Clear HSTS in Safari =====

  - Close Safari.
  - Delete the **~/Library/Cookies/HSTS.plist** file.
  - Reopen Safari