(16 votes, average: 5.00 out of 5)
Loading...How to Disable HSTS in Chrome & Firefox?
(16 votes, average: 5.00 out of 5)Loading...
Understanding the Risks and Steps to Clear HSTS Settings in Chrome and Firefox
Do you need to clear HSTS settings in your browser? Maybe for testing purposes or to access a site experiencing HSTS issues? Don’t worry; we will guide you on how to accomplish that.
This article will convey the steps you must follow to disable these settings in Chrome and Firefox. But before moving to that, let’s first understand what HSTS settings are and why you should avoid clearing these settings until it’s indispensable.
Get Affordable Website Security Certificates – Starts @ $3.99
What is HSTS or HTTP Strict Transport Security?
HTTP Strict Transport Security is a type of security setting that compels a web browser to implement HTTPS protocol between the client (browser) and the server, thus eradicating the necessity to divert users from an HTTP URL to an HTTPS URL.
Recommended: What is HSTS Certificate? How to Implement HSTS or Http Strict Transport Security in a Website?
If a domain has enforced HSTS, the Browser will automatically establish an HTTPS connection, even if the user types an HTTP URL or clicks on an HTTP link. This helps prevent attackers from intercepting and altering traffic between the users’ Browser and the server.
Note: A user can’t sidestep an HSTS warning.
The development of HTTP Strict Transport Security (HSTS) directly responded to a security vulnerability introduced by Marlinspike’s SSLStrip tool.
SSLStip tool is a MITM tool that exploits the SSL stripping attack and downgrades the target’s connection from HTTPS to HTTP (converting it back to an unencrypted state.) HSTS solves this issue by explicitly instructing the user’s Browser only to establish HTTPS connections to the server.
However, some problems may occur after implementing this setting. A website may open without any issue on a particular browser, while it may show a warning message on another browser.
So, to avoid these security warnings from appearing, you can simply clear the HSTS setting from the Browser on which you are getting the error. We will discuss how to do that in the later section of the article.
Note: It is essential to ascribe that we vigorously urge you not to do this. But why? Let’s go through the next section to get that answer.
Why “NOT” Disable the HSTS Setting in your Browser?
There are “n” reasons why you should not circumvent HSTS warnings or not clear the HSTS settings in your browser.
- Disabling Strict Transport Security leaves users’ connections liable to downgrade attacks, in which a hacker can use strip tools to compel a website using HTTPS protocol to regress to an unsecured HTTP connection.
- Clearing this setting changes the format in which you transmit information; transmitted information is no longer in a cipher format but as plain text. Hence, all your sensitive information, such as credit card details and social security numbers (whatever you are transmitting), is no longer unassailable.
- Disabling this setting exposes users to cyber menaces, such as cookie hijacking and SSL stripping attacks.
Now, even after knowing how dangerous it can be, precise HSTS settings, and you want to move ahead, the next section will discuss how to remove it from modern browsers, such as Chrome and Firefox.
Better, you fix the HSTS missing issue: How To Fix the “HSTS Missing from HTTPS Server” Error?
How to Clear HSTS in the Chrome Browser?
Follow the below-given steps to disable it in the Chrome browser:
- Open a new tab on your Chrome browser.
- In the URL bar, type chrome://net-internals/#hsts, and press Enter.
- HSTS/PKP window will open.
- Under the Query HSTS/PKP domain section, in the Domain text box, type the domain name for which you desire to delete the settings.
- Under the Delete domain security policies section, type the same domain name in the Domain text box.
- Click the Delete button placed on the right of the text box.
How to Disable HSTS Settings in the Firefox Browser?
There are two methods to disable this setting in the Firefox browser; let’s explore each one.
Method 1:
Follow the below-given steps to disable it in the Firefox browser:
- Verify that no tabs are open in the browser.
- If you use a Windows laptop, press Ctrl + Shift + H on your keyboard to open the browsing record. (If you are a Mac user, press Cmd instead of Ctrl).
- Right-click on the website for which you intend to erase the settings, and from the list, select Forget About This Site option.
Note: Recall that executing this step will vacate cached data associated with that individual website from Firefox.
Method 2:
Follow the below-given steps to disable it in the Firefox browser using another method:
- Open a new tab on your Firefox browser.
- Click on the Open Application Menu, and from the list, navigate to History > Clear recent history.
- In the Clear Recent History tab, from the Time range to clear list, select the Everything option.
- Uncheck all the options in the History section.
- Under the Data section, check the Site Preferences option, and click OK.
Conclusion
Disabling the Strict Transport Security settings leaves your connection vulnerable to downgrade attacks, exposes you to cyber threats, and changes the format of your transmitted information to plain text.
Therefore, you should never clear these settings as they can be perilous. If you want to remove these settings, say for testing purposes, we have provided simple steps that you can follow to do so in both Chrome and Firefox.
Secure your Website with SSL
Enables an Encrypted Connection between Website and Browser Using Trusted SSL Certificate Encryption!
Starts at Just $3.99/Yr