Skip to content

Browser HSTS cache management

Browser HSTS cache management involves the manual procedures required to view or remove the Strict-Transport-Security (HSTS) policies stored by a web browser.^[600-developer__tools__security__Strict-Transport-Security.md]

Since HSTS policies are cached by the browser for a set duration (defined by the max-age directive), users may occasionally need to clear this cache to revert forced HTTPS redirects or resolve connection issues during local development.^[600-developer__tools__security__Strict-Transport-Security.md]

Chrome and Opera

In both Google Chrome and Opera browsers, HSTS settings can be managed via the internal network diagnostics page.

To manage the cache: 1. Navigate to chrome://net-internals/#hsts in the address bar. 2. Locate the "Delete domain" section. 3. Enter the specific domain name and select Delete to remove its policy. 4. Use the "Query domain" section to verify if the policy was successfully removed.^[600-developer__tools__security__Strict-Transport-Security.md]

Firefox

Firefox does not utilize a dedicated HSTS settings page. Instead, HSTS data is cleared alongside the site's general browsing data.

To remove an HSTS policy: 1. Close all active Firefox tabs and windows. 2. Clear the browser's history and cache. 3. Navigate to about:permissions in the address bar. 4. Search for the target domain and select "Forget About This Site".^[600-developer__tools__security__Strict-Transport-Security.md]

Safari

Managing HSTS in Safari requires direct access to the system's configuration files rather than using the browser interface.

To reset the HSTS cache: 1. Quit the Safari application completely. 2. Delete the file located at ~/Library/Cookies/HSTS.plist. 3. Restart Safari. In most cases, a system restart is not required, though it may be necessary in rare instances for the change to take effect.^[600-developer__tools__security__Strict-Transport-Security.md]

Sources

  • 600-developer__tools__security__Strict-Transport-Security.md