Do you need to clear HSTS settings in your browser, perhaps for testing purposes or to access a site experiencing HSTS issues? This article walks through the steps to clear these settings in Chrome and Firefox. Before moving to that, let's first understand what the HSTS setting is and why you should avoid clearing it unless it is absolutely necessary.
HTTP Strict Transport Security (HSTS) is a security setting that compels a web browser to use the HTTPS protocol between the client (browser) and the server, removing the need to redirect users from an HTTP URL to an HTTPS URL. If a domain has enforced HSTS, the browser will automatically establish an HTTPS connection, even if the user types an HTTP URL or clicks on an HTTP link. This helps prevent attackers from intercepting and altering traffic between the user's browser and the server.
Note: A user can’t sidestep an HSTS warning.
The development of HTTP Strict Transport Security (HSTS) was a direct response to a security vulnerability exposed by Marlinspike's SSLStrip tool. SSLStrip is a man-in-the-middle (MITM) tool that performs the SSL stripping attack, downgrading the target's connection from HTTPS to HTTP (converting it back to an unencrypted state). HSTS solves this issue by explicitly instructing the user's browser to establish only HTTPS connections to the server.
But some problems may occur after implementing this setting. A website may open without any issue on a particular browser, while on another browser, it may show a warning message, such as:
“Privacy error: Your connection is not private” (NET::ERR_CERT_AUTHORITY_INVALID)
So, to stop these security warnings from appearing, you can clear the HSTS setting from the browser on which you are getting the error. We will discuss how to do that in a later section of the article.
Note: We strongly urge you not to do this. But why? Let's go through the next section to get that answer.
There are many reasons why you should not circumvent HSTS warnings or clear the HSTS settings in your browser. Let's analyze some of the most notable ones:
If, even after knowing how dangerous it can be to clear HSTS settings, you still want to move ahead, the next section discusses how you can remove them from modern browsers, such as Chrome and Firefox.
Follow the steps below to disable it in the Chrome browser:
There are two methods to disable this setting in the Firefox browser; let's explore each one.
Follow the steps below to disable it in the Firefox browser:
Note: This step will clear the cached data associated with that individual website from Firefox.
Follow the steps below to disable it in the Firefox browser using another method:
Disabling the Strict Transport Security settings leaves your connection vulnerable to downgrade attacks, exposes you to cyber threats, and allows your information to be transmitted in plain text. Therefore, you should never clear these settings, as it can be perilous. If you need to remove them, say for testing purposes, we have provided simple steps that you can follow to do so in both Chrome and Firefox.