Skip to content
Posts
Disabling HSTS for a specific domain in Chrome

Disabling HSTS for a specific domain in Chrome

July 21, 2021

Note

This post may be partially machine- or AI-translated. If there is any discrepancy, the Korean version takes precedence.

Note

This post might be outdated and some links might not be available.

This post explains how to disable HSTS for a specific domain.
It was written using Chrome 91.0.4472.114.

  • This does not apply when the domain is preloaded, such as with Strict-Transport-Security: ...; preload.

Disable HSTS

  1. Enter chrome://net-internals/#hsts in Chrome’s address bar.
  2. Enter the domain to disable under Delete domain security policies, then click Delete.
  3. Done
Chrome net internals HSTS delete domain security policies form

Before disabling

Chrome certificate warning before disabling HSTS

After disabling

Chrome certificate warning after disabling HSTS

You can confirm that the Proceed to [site] (unsafe) button appears.

Check whether the domain is preloaded

Domains submitted to the HSTS Preload List cannot be disabled because Chrome includes the list internally.

Preloaded domain (wikipedia.org)

HSTS Preload List lookup result

HSTS preload list result for wikipedia.org

Query result in chrome://net-internals/#hsts

Chrome net internals HSTS query result for a preloaded domain

Domain with only the header set (can be disabled)

Chrome net internals HSTS query result for a header-only domain
Last updated on
Creating a Linux RAM disk (tmpfs)Editing the hosts file on macOS