The way that\u00a0website owners\u00a0enable HSTS\u00a0connections on their websites\u00a0is\u00a0by\u00a0including\u00a0specific\u00a0code in the websites\u2019\u00a0headers.\u00a0HSTS protects the website visitors from some dangerous cyber threats such as\u00a0SSL stripping<\/a>\u00a0and\u00a0man-in-the-middle attacks<\/a>. But\u00a0unlike\u00a0any other SSL error, users\u00a0can\u2019t\u00a0bypass the HSTS error pages\u00a0by clicking on the\u00a0\u201cAdvanced\u201d tab\u00a0and clicking on\u00a0Proceed to\u00a0anywebsite.com (unsafe).<\/strong>\u00a0\u00a0\u00a0<\/p>\n\n\n\n But\u00a0there are ways to\u00a0disable HSTS\u00a0in Chrome\u00a0and\u00a0Firefox\u00a0by tweaking some settings\u00a0in the browsers.\u00a0By doing so, you are forcing\u00a0the\u00a0browsers to bypass the website’s HSTS headers and access web pages using HTTP. However, this\u00a0is a highly dangerous practice, and we don’t recommend it.<\/strong>\u00a0<\/p>\n\n\n\n By using HTTP instead of HTTPS, all the communications\u00a0between you and the website will be in plaintext. This means that\u00a0hackers can steal\u00a0a variety of your sensitive\u00a0information, including:\u00a0\u00a0<\/p>\n\n\n\n Having said that, if you still want to access the site and aren\u2019t planning to input any sensitive data, you can disable HSTS in Chrome and Firefox by following the below steps. <\/p>\n\n\n\n To clear HSTS settings in the Chrome browser, do the following:<\/p>\n\n\n\n Step 1:<\/strong>\u00a0Write\u00a0chrome:\/\/net-internals\/#hsts<\/em><\/strong>\u00a0<\/em>in the address bar.\u00a0<\/em>\u00a0<\/p>\n\n\n\n Step 2 <\/strong>(optional)<\/em><\/strong>:<\/em><\/strong> <\/em>If you want to check whether the website you are trying to reach has enabled HSTS, write the domain name (without HTTPS or HTTP) under the Query HSTS\/PKP domain<\/strong>. <\/p>\n\n\n\n Step <\/strong>3<\/strong>:<\/em><\/strong> <\/em>Scroll down the page to the Delete domain security policies<\/strong> section. Type the website\u2019s web address (for the site you\u2019re trying to reach) in the field <\/strong>and hit Delete. <\/strong>Please make sure you write the domain name without HTTP:\/\/ or HTTPS:\/\/. (For example, amazon.com or www.amazon.com) <\/p>\n\n\n\n Check out the screenshot below for reference: <\/p>\n\n\n\n That\u2019s it! This is all you need to disable HSTS in Chrome. <\/p>\n\n\n\n There are actually a few ways to disable HSTS in Firefox. To clear HSTS settings in Firefox, choose any of the following steps and see which one works for you.\u00a0<\/p>\n\n\n\n Step 1:<\/strong> Open Firefox and hit Shift+ CTRL+ H (or Cmd<\/strong> + Shift + H<\/strong>\u202fon Mac) to open the History window. <\/p>\n\n\n\n Step 2:<\/strong> Find the website for which you want to disable HSTS. You can do this by either selecting the site from the list or by using the Search History feature in the top-right corner. <\/p>\n\n\n\n Step 3:<\/strong> Right-click on the website and select Forget <\/strong>A<\/strong>bout <\/strong>T<\/strong>his <\/strong>Site<\/strong>. <\/p>\n\n\n\n Please note that this step will delete all the saved data (like credentials for auto login) from your cache for this website. For the changes to take effect, you may need to exit and restart Firefox. Step 1:<\/strong> Write about: config<\/strong> <\/strong>in Firefox\u2019s address bar. <\/p>\n\n\n\n Step 2:<\/strong> Click on click on the Accept<\/strong> the <\/strong>R<\/strong>isk<\/strong> and <\/strong>C<\/strong>ontinue<\/strong> button.<\/strong> <\/p>\n\n\n\n Step 3:<\/strong> Search HSTS<\/strong> <\/strong>in the search bar. <\/p>\n\n\n\n Steps 4:<\/strong> Double click on\u202fsecurity.mixed_content.<\/strong>block_display_content<\/strong> and set it to\u202ftrue<\/strong>. <\/p>\n\n\n\n If the above tip doesn\u2019t work, simply delete the site preference. <\/p>\n\n\n\n Step 1:<\/strong> Open\u00a0the History<\/strong>\u00a0tab from the library option.\u00a0\u00a0<\/p>\n\n\n\n Step 2:<\/strong>\u00a0Click on\u00a0Clear recent history<\/strong>.\u00a0\u00a0<\/p>\n\n\n\n Step 3:<\/strong> Select\u00a0Everything\u00a0<\/strong>in the time range toggle.\u00a0<\/strong>And select\u00a0Site preferences\u00a0<\/strong>under the Data title. Click OK.\u00a0\u00a0<\/p>\n\n\n\n Step 4:<\/strong> Restart the browser.\u00a0\u00a0<\/p>\n\n\n\n HTTP stands for hypertext transfer protocol. By default, all the data transferred between a website and its users travels via HTTP. But in HTTP, the data transmits in plaintext format. That means if a hacker intercepts your internet connection via hacking your router or public Wi-Fi ports, they can read, interpret, and steal your sensitive data. <\/p>\n\n\n\n That\u2019s\u00a0why a more secure communication channel, HTTPS, was developed. HTTPS,\u00a0which\u00a0stands for hypertext transfer protocol secure,\u00a0provides a\u00a0secure,\u00a0encrypted\u00a0channel\u00a0to transfer the data. Encryption means transferring the plaintext data into an incomprehensible form using a\u00a0mathematical\u00a0algorithm. No one can\u00a0decrypt\u00a0and interpret the\u00a0encrypted text without\u00a0the corresponding\u00a0cryptographic key.\u00a0\u00a0<\/p>\n\n\n\n To enable HTTPS, the website owner installs an SSL\/TLS certificate.\u00a0After the installation, the webmaster needs to do 301 and 302 redirects to transfer all the web\u00a0pages from HTTP to HTTPS.\u00a0For example, if I write\u00a0http:\/\/sectigostore.com<\/a>, it\u00a0automatically\u00a0redirects\u00a0me to\u00a0https:\/\/sectigostore.com<\/a>. But often, the redirects\u00a0don\u2019t\u00a0work properly, and the pages are still accessible with HTTP. Sometimes companies intentionally keep some web\u00a0pages on HTTP or keep them available on HTTP and HTTPS both.\u00a0\u00a0<\/p>\n\n\n\n Accessing a website via HTTP is a risky practice. As we pointed out earlier, hackers can intercept your connection to read and steal sensitive data in MitM attacks. Hackers sometimes execute SSL\/stripping attacks using a tool called SSLstrip to force browsers to load websites via the insecure HTTP connection. <\/p>\n\n\n\n SSLstrip strips the connection between a user and the server of its secure HTTPS protocol to deploy a man-in-the-middle attack. Whenever the user tries to open a website with HTTPS, the hacker intercepts that request and continues to establish an HTTPS connection between himself and the server instead. So, while the connection between the website visitor and the hacker remains in HTTP, and the hacker and website’s server in HTTPS. <\/p>\n\n\n\n Here, the hacker acts as a bridge between the user and server. They can steal all the user data as it remains in plaintext in HTTP channel. But the server doesn\u2019t get a clue about it as it is establishing an HTTPS connection from its end. <\/p>\n\n\n\n HSTS\u202fwas created in response to an HTTPS vulnerability that was discovered by computer security researcher Moxie Marlinspike. With HSTS protocol, the website forces the browsers to open the website strictly with HTTPS only. Hence, if someone tries to open a website with HTTP or tricks browsers into loading websites via HTTP, the HSTS protocol blocks such requests. <\/p>\n\n\n\n But\u00a0the good (and bad, depending on your view) thing about\u00a0HSTS\u00a0is that it\u00a0blocks all types of HTTP requests.\u00a0That means if an HSTS-enabled website’s SSL certificate is\u00a0having issues,\u00a0the browsers won’t allow users to bypass the error page with the regular tricks to get rid of “your connection is not private<\/a>\u201d or \u201cSecurity risk ahead<\/a>\u201d page.\u00a0But you can use the above mention tips to force your browsers to ignore the HSTS protocol.\u00a0\u00a0<\/p>\n\n\n\nHow to Disable HSTS in Chrome <\/h2>\n\n\n\n
![\"A](\"https:\/\/sectigostore.com\/blog\/wp-content\/uploads\/2020\/11\/image.png\")
![\"Screenshot](\"https:\/\/sectigostore.com\/blog\/wp-content\/uploads\/2020\/11\/image-1.png\")
How to Disable HSTS in Firefox <\/h2>\n\n\n\n
How to Manually\u00a0Disable HSTS\u00a0in\u00a0Firefox\u00a0For a\u00a0Specific\u00a0Website\u00a0<\/h3>\n\n\n\n
<\/p>\n\n\n\n![\"Disable](\"https:\/\/sectigostore.com\/blog\/wp-content\/uploads\/2020\/11\/image-2.png\")
How\u00a0to\u00a0Change Browser Settings to Disable HSTS in Firefox\u00a0\u00a0<\/h3>\n\n\n\n
Method 1<\/em> <\/h4>\n\n\n\n
![\"Disable](\"https:\/\/sectigostore.com\/blog\/wp-content\/uploads\/2020\/11\/image-3.png\")
<\/figure>\n\n\n\nMethod 2<\/em> <\/h3>\n\n\n\n
![\"Disable](\"https:\/\/sectigostore.com\/blog\/wp-content\/uploads\/2020\/11\/image-4.png\")
<\/figure>\n\n\n\n![\"Clear](\"https:\/\/sectigostore.com\/blog\/wp-content\/uploads\/2020\/11\/image-5.png\")
<\/figure>\n\n\n\nThe Basics: How HTTPS Works & Why Websites Prefer HSTS <\/h2>\n\n\n\n
Risks Associated With Using HTTP Instead of HTTPS <\/h3>\n\n\n\n
How HSTS Prevents Cyber Risks Associated with Using HTTP\u00a0<\/h3>\n\n\n\n
Wrapping Up on How to Disable HSTS in Chrome and Firefox\u00a0<\/h2>\n\n\n\n