If you once had HTTP Strict Transport Security Show archive.org snapshot enabled for a domain, and you want to disable it again, you need to send this header over a secure connection:
Strict-Transport-Security: max-age=0;
The next time a browser visits your site, it will forget that it was once flagged as HTTPS-only.
Should you need to remove the HSTS flag from your local browser (e.g. for debugging), you can do so in Chrome by accessing chrome://net-internals/#hsts.
Posted by Henning Koch to makandra dev (2014-05-06 11:35)