User Tools

Site Tools


hsts:clear_hsts

This is an old revision of the document!


Clear HSTS

Cache time comes from the origin/site HSTS header.

This is set with something like

Strict-Transport-Security: max-age=16070400; includeSubDomains

This setting will continue to pass the HSTS header, unless it is disabled.

To disable HSTS for clients and wipe out their redirects use

Strict-Transport-Security: max-age=0;

Specifying a zero time duration signals the UA to delete the HSTS Policy (including any asserted includeSubDomains directive) for that HSTS Host.

Clear HSTS in Firefox

Error code: “ssl_error_bad_cert_domain”.

If you see “I understand the risks”, follow these instructions. Otherwise:

  1. Close all open tabs related to the site your are experiencing an issue with.
  2. Clear your history by clicking the menu and selecting the circular clock icon labeled “History”.
  3. Select the button that says “Clear Recent History”.
  4. In the menu that appears next to “Time range to clear:” click the drop-down and select “Everything”.
  5. Click “Clear Now” and close the menu.
  6. In the address bar type about:permissions and press the Enter key.
  7. On the top left hand side find the box with a magnifying glass with the text “Search Sites”. Click into the box and enter the name of the site you are experiencing issues with.
  8. In the list directly beneath the search window click on the site name and then click the button in the top right hand corner labeled “Forget About This Site”.

Clear HSTS in Google Chrome

Error message “Cannot connect to the real <domain name>.

  1. In the address bar, type chrome://net-internals/#hsts.
  2. Type the domain name in the text field below “Delete domain”.
  3. Click the “Delete” button.
  4. Type the domain name in the text field below “Query domain”.
  5. Click the “Query” button.
  6. Your response should be “Not found”.

Clear HSTS in Opera

Error message “Cannot connect to the real <domain name>.

  1. In the address bar, type chrome://net-internals/#hsts.
  2. Type the domain name in the text field below “Delete domain”.
  3. Click the “Delete” button.
  4. Type the domain name in the text field below “Query domain”.
  5. Click the “Query” button.
  6. Your response should be “Not found”.

Clear HSTS in Safari

  1. Close Safari.
  2. Delete the ~/Library/Cookies/HSTS.plist file.
  3. Reopen Safari
hsts/clear_hsts.1467370854.txt.gz · Last modified: 2020/07/15 09:30 (external edit)

Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki