Understanding chrome://net-internals/#hsts in Google Chrome

Google Chrome has a hidden page called chrome://net-internals/#hsts that lets you view and manage HSTS settings for websites.

HSTS stands for HTTP Strict Transport Security, a security feature that forces browsers to connect to a site using HTTPS.

What HSTS Does

  • Prevents your browser from using HTTP to access a site.
  • Protects users from downgrade attacks and cookie hijacking.
  • Remembers which sites require HTTPS connections.

Accessing HSTS Settings

Open Chrome and type chrome://net-internals/#hsts in the address bar. You will see a page with two sections: Query HSTS/PKP domain and Delete domain security policies.

Query HSTS Status for a Domain

1. Enter the domain name in the "Domain:" field under Query HSTS/PKP domain.
2. Click "Query".
3. Chrome will show whether the domain is known to use HSTS, along with any policy details.

This lets you check if Chrome is forcing HTTPS for a specific website.

Delete HSTS Policy for a Domain

1. Enter the domain name in the "Domain:" field under Delete domain security policies.
2. Click "Delete".
3. Chrome will remove the HSTS rule for that domain.

This is useful if a site is misconfigured or you need to bypass HSTS temporarily for testing.
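
An added example (not part of the original article and not Chrome's own code): a simplified JavaScript model of the policy a browser stores when a site sends a Strict-Transport-Security header, which is what the Query and Delete actions above operate on. The names parseHsts and HstsStore, the .test hostnames and the timestamps are constructed for illustration; Chrome's built-in preload list is not modelled.

```javascript
// Added illustration: simplified model of a browser's dynamic HSTS store.
// parseHsts and HstsStore are hypothetical names, not Chrome internals.
// Parse a Strict-Transport-Security value (RFC 6797 6.1); null means ignore it.
function parseHsts(value) {
  const seen = new Set();
  let maxAge = null;
  let includeSubDomains = false;
  for (const raw of value.split(";")) {
    const part = raw.trim();
    if (part === "") continue; // empty directives are allowed
    const eq = part.indexOf("=");
    const name = (eq === -1 ? part : part.slice(0, eq)).trim().toLowerCase();
    let arg = eq === -1 ? null : part.slice(eq + 1).trim();
    if (seen.has(name)) return null; // each directive may appear only once
    seen.add(name);
    if (name === "max-age") {
      if (arg !== null && /^".*"$/.test(arg)) arg = arg.slice(1, -1);
      if (arg === null || !/^\d+$/.test(arg)) return null;
      maxAge = Number(arg);
    } else if (name === "includesubdomains") {
      if (arg !== null) return null; // this directive takes no value
      includeSubDomains = true;
    } // unknown directives are ignored
  }
  return maxAge === null ? null : { maxAge, includeSubDomains };
}

class HstsStore {
  constructor() { this.entries = new Map(); }
  // Record a header received over HTTPS from `host` at time `now` (seconds).
  note(host, headerValue, now) {
    const p = parseHsts(headerValue);
    if (p === null) return;
    if (p.maxAge === 0) { this.entries.delete(host.toLowerCase()); return; }
    this.entries.set(host.toLowerCase(),
      { expiry: now + p.maxAge, includeSubDomains: p.includeSubDomains });
  }
  // "Query": does an unexpired policy force HTTPS for `host`?
  query(host, now) {
    const labels = host.toLowerCase().split(".");
    for (let i = 0; i < labels.length; i++) {
      const e = this.entries.get(labels.slice(i).join("."));
      if (e && e.expiry > now && (i === 0 || e.includeSubDomains)) return true;
    }
    return false;
  }
  // "Delete": drop the locally stored policy for exactly this host.
  delete(host) { return this.entries.delete(host.toLowerCase()); }
}
```

In this model a policy is stored per host, so deleting a parent entry that carried includeSubDomains also stops HTTPS being forced for its subdomains until the site sends the header again.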

Use Cases

  • Testing development sites that use self-signed certificates.
  • Fixing access issues for sites stuck in HSTS mode.
  • Checking which sites are enforcing HTTPS in your browser.

Important Notes

  • Changes affect only your local browser, not the server or other users.
  • Deleting HSTS policies can reduce security temporarily.
  • Use this page only if you know what you are doing.

Summary

chrome://net-internals/#hsts lets you query and remove HSTS rules in Chrome. You can see which domains force HTTPS and reset policies if needed for testing or troubleshooting.

