Settings

How to clear HSTS from your browser

If you enabled HSTS on your site, you’ll have to clear it from your browser after you disabled it again. Otherwise, your site willl keep loading over SSL. There are two ways to do this. The first sets the .htaccess header, which resets it for all users:

Resetting the HSTS header using the .htaccess

If you set the expiration time on your HSTS header in the .htaccess to zero, the HSTS header should expire immediately.

<IfModule mod_headers.c>
Header set Strict-Transport-Security "max-age=0; includeSubDomains;" env=HTTPS
</IfModule>

Clearing from the browser

Just clearing it from your browser is also possible:

In Chrome:

  1. In the address bar, type “chrome://net-internals/#hsts”.
  2. Type the domain name in the text field below “Delete domain”.
  3. Click the “Delete” button.
  4. Type the domain name in the text field below “Query domain”.
  5. Click the “Query” button.
  6. Your response should be “Not found”.

Safari:

  1. Close Safari.
  2. Delete the ~/Library/Cookies/HSTS.plist file.
  3. Reopen Safari.
Removing from the preload list… Don’t go there. Only submit your site if you are sure you want to stay.

Related Articles

  • How to install Really Simple SSL per page

    If you just bought the Really Simple SSL per page plugin, and are wondering to install it, here’s how to to it. You can watch this video for a brief explanation...
  • What is HSTS?

    HSTS means HTTP Strict Transport Security, and makes browsers force your visitors over https. Why do you need this when you already have redirected your site to SSL? HSTS is...
  • My website does a double redirect to https, or not 301 redirect

    Some users ask for a fix for a double redirect. But Really Simple SSL does not do a double redirect! The plugin uses two ways to redirect: in the .htaccess...
  • SSL with CloudFlare and Really Simple SSL

    If you are a CloudFlare user, there are a few things to consider when migrating to SSL. If you run into redirect loops when you use CloudFlare, and have activated...

Leave a Comment