by henrikschroder 4435 days ago
HSTS is a good concept, and all browsers implement it, but there's no way to inspect which domains are flagged with it in your browser. So if you pick one up by mistake when you're testing the feature out in development, it just sticks, and the only way to get rid of it is to clear your entire browser cache or reset it, which is extremely annoying.

Browser makers: Please, please, please implement a way for me to inspect and remove individual HSTS "flags" so testing it doesn't become so painful.

2 comments

Chrome lets you see some of the HSTS internals:

chrome://net-internals/#hsts

There's no list of HSTS hosts because the host names are hashed on disk.

Thanks!
In Safari one can delete ~/Library/Cookies/HSTS.plist