Highest Voted 'hsts' Questions

10

votes

3 answers

how to ignore HSTS on Chrome?

am running Chrome 103.0.5060.66 and intentionally MITM'ing myself with Fiddler Proxy, and it works on websites not using HSTS, but breaks on HSTS sites. How can i tell Chrome to ignore HSTS? example of a website using HSTS: https://www.century21.pt/…

asked Jul 06 '22 at 16:00

hanshenrik

1,925
3
25
38

5

votes

1 answer

Disable/remove HSTS for a website in chrome

My https not supported website is getting re-directed to https by default. I tried removing hsts entry from chrome net-internal settings but it does not work & the redirection just keeps happening. My website is a subdomain like xxx.yyy.com where…

google-chrome https hsts

asked May 15 '17 at 09:04

Aarish Ramesh

151

2

votes

3 answers

Ignore HSTS preloading in browsers

Google Chrome (and other browsers) do a great job preventing the user from viewing non-TLS sites or sites with invalid certificates by using HSTS preloading. So good actually that I can't find a way to open the site in Google Chrome at…

google-chrome hsts

asked Dec 12 '23 at 06:46

xsrf

171

2

votes

0 answers

how to ignore HSTS on Firefox?

am running Firefox 91.11.0esr and intentionally MITM'ing myself with Fiddler Proxy, and it works on websites not using HSTS, but breaks on HSTS sites. How can i tell firefox to ignore HSTS? googling suggest going to about:settings and…

proxy fiddler hsts mitmproxy

asked Jul 04 '22 at 12:44

hanshenrik

1,925
3
25
38

2

votes

4 answers

HSTS not working with Chrome

I have configured Apache to return HSTS header. When connecting to https://lab20.example.com from Google Chrome and running with developer tools I can see the following response header: Strict-Transport-Security:max-age=63072000;…

apache-http-server ssl tls hsts

asked Aug 01 '16 at 06:59

user2913139

131

1

vote

2 answers

HSTS error due to substituted certificate

For about two months I have been unable to reach a website I frequent. Firefox displays this message: Did Not Connect: Potential Security Issue Firefox detected a potential security threat and did not continue to xxxxx.com because this website…

https hsts

asked Jul 13 '24 at 23:02

John Frickson

11

1

vote

3 answers

Can not access Netgear EX6200 through www.mywifiext.net

I try to configure a Netgear EX6200, as described on label and other instructions, including: I connect to the wifi that the device provides. I then access "http://www.mywifiext.net". In Chrome, Chromium, Firefox or Edge quietly force a redirect…

wireless-networking netgear-router hsts

asked Aug 09 '23 at 23:46

JanErikGunnar

121

1

vote

0 answers

Unable to access Dropbox on desktop due to HSTS?

I am unable to access Dropbox on Windows 10 desktop. I can do it on another Windows 10 computer as well as Android phone on the same Wi-Fi but not on this one desktop through two different ISPs. Tried four different browsers, including Firefox,…

windows-10 dropbox hsts

asked Dec 17 '20 at 01:13

prl77

272

1

vote

0 answers

WinServer 2019 Standard Https Issue

Recently installed Windows Server 2019 Standard (legit and activated) and migrated my mail server over to this server. I noticed after I was done that I cannot browse the web if the website uses https. Below I attached pictures and I have tried to…

google-chrome https windows-server-2019 hsts

asked Aug 06 '20 at 16:33

Shiphted

11

1

vote

1 answer

How can I circumvent HSTS on an intranet subdomain?

So, I have control over a small webserver that controls a subdomain of an intranet domain; the domain has HSTS turned on, so I can't connect to my subdomain via HTTP; I also can't use self-signed certificates and HTTPS. I've thought about using…

certificate https intranet hsts

asked Apr 27 '18 at 11:27

user430258

1

vote

0 answers

'Your connection is not secure' on google after update

After update to the latest version of firefox (52.0), when I enter on google.com* I get: Your connection is not secure Without the chance to add an exception. Without luck, I tried: Delete cert8.db and cert_override.txt Adding manually the line…

ssl hsts

asked Mar 14 '17 at 13:37

jotapdiez

111

0

votes

1 answer

HTTPS and HSTS headers issue

In my scenario we currently have www3.example.com routing through a few different paths. Could you please advise how we should correct this to be a better approach, possibly just redirecting even? "The HTTP site redirects users to a new URL in a way…

php http amazon-web-services https hsts

asked Apr 08 '22 at 14:24

samtech

11

0

votes

0 answers

SSL_ERROR_BAD_CERT_DOMAIN / NET::ERR_CERT_COMMON_NAME_INVALID on mismatched site

I am having a problem where sporadically, I start getting SSL_ERROR_BAD_CERT_DOMAIN errors in Firefox and NET::ERR_CERT_COMMON_NAME_INVALID errors in Chrome on the same sites (so it must be something they share in common, rather than within the…

google-chrome ssl hsts

asked Sep 15 '20 at 21:25

Vultan

373

0

votes

0 answers

Transport header security header (HSTS) is not working with Internet Explorer 11

We are using a self-signed certificate in our application & want to use HSTS header for added security. We access our application using ip or hostname. I found that for HSTS to work, - no certificate errors must be there (installed self-signed…

certificate hsts internet-explorer

asked Aug 28 '18 at 13:06

Abhishek Sharma M

0

votes

0 answers

How am I supposed to reach a captive portal's login page when all my favorite sites use HSTS?

So I wanted to use the WiFi somewhere with a captive portal today. No problem, right? I'll just open my browser, type in www.google.com, and see the login page for the WiFi. Wrong! My browser wants to connect to Google by HTTPS, and that prevents…

wireless-networking ssl https captive-portal hsts

asked Jan 23 '18 at 16:52

Ken Bloom

499

Questions tagged [hsts]