Read more

Disabling HSTS

Henning Koch
May 06, 2014Software engineer at makandra GmbH

If you once had HTTP Strict Transport Security Show archive.org snapshot enabled for a domain, and you want to disable it again, you need to send this header over a secure connection:

Strict-Transport-Security: max-age=0;
Illustration web development

Do you need DevOps-experts?

Your development team has a full backlog? No time for infrastructure architecture? Our DevOps team is ready to support you!

  • We build reliable cloud solutions with Infrastructure as code
  • We are experts in security, Linux and databases
  • We support your dev team to perform
Read more Show archive.org snapshot

The next time a browser visits your site, it will forget that it was once flagged as HTTPS-only.

Should you need to remove the HSTS flag from your local browser (e.g. for debugging), you can do so in Chrome by accessing chrome://net-internals/#hsts.

Posted by Henning Koch to makandra dev (2014-05-06 13:35)