How to Disable HSTS in Chrome & Firefox?

1 Star2 Stars3 Stars4 Stars5 Stars (1 votes, average: 5.00 out of 5)
How to Disable HSTS in Chrome & Firefox

Understanding the Risks and Steps to Clear HSTS Settings in Chrome and Firefox

Do you need to clear HSTS settings in your browser? Maybe for testing purposes or to access a site experiencing HSTS issues? Don’t worry; we will guide you on how to accomplish that. This article will convey the steps you must follow to disable these settings in Chrome and Firefox. But before moving to that, let’s first understand what HSTS setting is and why you should avoid clearing these settings until it’s indispensable.

What is HSTS or HTTP Strict Transport Security?

HTTP Strict Transport Security is a type of security setting that compels a web browser to implement HTTPS protocol between the client (browser) and the server, thus eradicating the necessity to divert users from an HTTP URL to an HTTPS URL. If a domain has enforced HSTS, the Browser will automatically establish an HTTPS connection, even if the user types an HTTP URL or clicks on an HTTP link. This helps prevent attackers from intercepting and altering traffic between the users’ Browser and the server.

Note: A user can’t sidestep an HSTS warning.

The development of HTTP Strict Transport Security (HSTS) was a direct response to a security vulnerability introduced by Marlinspike’s SSLStrip tool. SSLStip tool is a type of MITM tool that exploits the SSL stripping attack and downgrades the target’s connection from HTTPS to HTTP (converting it back to an unencrypted state.) HSTS solves this issue by explicitly instructing the user’s Browser only to establish HTTPS connections to the server.

But some problems may occur after implementing this setting. A website may open without any issue on a particular browser, while on another browser, it may show a warning message, such as:

Privacy error: Your connection is not private” (NET::ERR_CERT_AUTHORITY_INVALID)

So, to avoid these security warnings from appearing, you can simply clear the HSTS setting from the Browser on which you are getting the error. We will discuss how to do that in the later section of the article.

Note: It is essential to ascribe that we vigorously urge you not to do this. But why? Let’s go through the next section to get that answer.

Why “NOT” Disable the HSTS Setting in your Browser?

There are “n” number of reasons why you should not circumvent HSTS warnings or not clear the HSTS settings in your browser. Let’s analyze some of the most notable ones:

  • Disabling Strict Transport Security leaves users’ connections liable to downgrade attacks, in which a hacker can use strip tools to compel a website using HTTPS protocol to regress to an unsecured HTTP connection.
  • Clearing this setting changes the format in which you transmit information; transmitted information is no longer in a cipher format but as plain text. Hence, all your sensitive information, such as credit card details and social security numbers (what so ever you are transmitting), is no longer unassailable.
  • Disabling this setting exposes users to cyber menaces, such as cookie hijacking and SSL stripping attacks.

Now, even after knowing how dangerous it can be, clear HSTS settings, and you want to move ahead, then in the next section will discuss how you can remove it from modern browsers, such as Chrome and Firefox.

How to Disable HSTS in the Chrome Browser?

Follow the below-given steps to disable it in the Chrome browser:

  • Open a new tab on your Chrome browser.
  • In the URL bar, type chrome://net-internals/#hsts, and press Enter.
  • HSTS/PKP window will open.
  • Under the Query HSTS/PKP domain section, in the Domain text box, type the domain name for which you desire to delete the settings.
  • Under the Delete domain security policies section, type the same domain name in the Domain text box.
  • Click the Delete button placed on the right of the text box.
Steps to Clear HSTS settings in Chrome

How to Disable HSTS Settings in the Firefox Browser?

There are two methods to disable this setting in the Firefox browser; let’s explore each one.

Method 1:

Follow the below-given steps to disable it in the Firefox browser:

  • Verify that no tabs are open in the browser.
  • If you use a Windows laptop, press Ctrl + Shift + H on your keyboard to open the browsing record. (If you are a Mac user, press  Cmd instead of Ctrl).
  • Right-click on the website for which you intend to erase the settings, and from the list, select Forget About This Site option.
Steps to Clear HSTS settings in Firefox Browser

Note: Recall that executing this step will vacate cached data associated with that individual website from Firefox.

Method 2:

Follow the below-given steps to disable it in the Firefox browser using another method:

  • Open a new tab on your Firefox browser.
  • Click on the Open Application Menu, and from the list, navigate to History > Clear recent history.
  • In the Clear Recent History tab, from the Time range to clear list, select the Everything option. 
  • Uncheck all the options present under the History section.
  • Under the Data section, check the Site Preferences option, and click OK.
HSTS settings in Firefox


Disabling the Strict Transport Security settings leaves your connection vulnerable to downgrade attacks, exposes you to cyber threats, and changes the format of your transmitted information to plain text. Therefore you should never clear these settings as it can be perilous. In case you want to remove these settings, say for testing purposes, we have provided simple steps that you can follow to do so in both Chrome and Firefox.

Janki Mehta

Janki Mehta

Janki Mehta is a Cyber-Security Enthusiast who constantly updates herself with new advancements in the Web/Cyber Security niche. Along with theoretical knowledge, she also implements her practical expertise in day-to-day tasks and helps others to protect themselves from threats.