Posted almost 7 years ago. Visible to the public.

Disabling HSTS

If you once had HTTP Strict Transport Security enabled for a domain, and you want to disable it again, you need to send this header over a secure connection:

Strict-Transport-Security: max-age=0;

The next time a browser visits your site over HTTPS and receives this header, it will forget that the site was once flagged as HTTPS-only.

Should you need to remove the HSTS flag from your local browser (e.g. for debugging), you can do so in Chrome by accessing chrome://net-internals/#hsts.
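
To confirm in a test that a response really clears the flag, the following added example (not part of the original card) models how a browser following RFC 6797 evaluates the header. The function names `parse_hsts` and `hsts_effect` and the result symbols are hypothetical, and the header values in the comments are constructed samples.

```ruby
# Added example: models RFC 6797 handling of Strict-Transport-Security.
# Function and symbol names are hypothetical, not taken from any library.

# Parse one header value into a directive hash,
# or return nil if the browser must ignore the header.
def parse_hsts(value)
  directives = {}
  value.split(';').each do |part|
    part = part.strip
    next if part.empty?                  # tolerates the trailing ";" in "max-age=0;"
    name, val = part.split('=', 2).map(&:strip)
    name = name.downcase                 # directive names are case-insensitive
    return nil if directives.key?(name)  # a repeated directive invalidates the header
    # max-age may be given as a quoted string, e.g. max-age="0"
    directives[name] = val&.delete_prefix('"')&.delete_suffix('"')
  end
  # max-age is required and must be a non-negative integer
  return nil unless directives['max-age'].to_s.match?(/\A\d+\z/)
  directives
end

# Returns :ignored, :cleared or :pinned for one response.
#   header_values: a String, or an Array when the header was sent more than once
#   secure:        true if the response arrived over HTTPS
def hsts_effect(header_values, secure:)
  return :ignored unless secure          # HSTS headers over plain HTTP are ignored
  first = Array(header_values).first     # only the first header field is processed
  return :ignored if first.nil?
  directives = parse_hsts(first)
  return :ignored if directives.nil?
  directives['max-age'].to_i.zero? ? :cleared : :pinned
end

# Constructed samples:
#   hsts_effect('max-age=0;', secure: true)   # the card's header over HTTPS
#   hsts_effect('max-age=0;', secure: false)  # same header over plain HTTP
```

A response only removes the flag when `hsts_effect` returns `:cleared`; a header sent over plain HTTP, sent after an earlier pinning header, or with a duplicated `max-age` leaves the old entry in place.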

Posted by Henning Koch to makandra dev