Disabling HSTS for any domain

Google has HSTS and some domains fall under it automatically. This makes Chrome automatically use HTTPS instead of HTTP. As I often work on local/development/testing environments in internal, protected networks HTTPS is not necessary. Yet Chrome forces me to HTTPS everytime anywas. This thread to the rescue: How to stop an automatic redirect from “http://”… Continue Reading Disabling HSTS for any domain

Export Website Certificate from Chrome on OSX

Sometimes there are problems to export a website certificate that is not trusted by one of the major CAs (self-signed or development certificates for example). Usually you’d open the certificate details in Chrome, then drag and drop the image icon to any folder on your computer (for example your Desktop). Then you’d double click it and import… Continue Reading Export Website Certificate from Chrome on OSX

Bypass HSTS in Chrome – thisisunsafe and badidea

If you encounte a website with an invalid certificate and chrome won’t let you access it because of HSTS being enabled, you can simply type “thisisunsafe” (Chrome v.65+) and bypass this check to access the website anyways. Hint: Before Chrome v.65 this is “badidea”. You simply click anywhere into the website, where Chrome displays the… Continue Reading Bypass HSTS in Chrome – thisisunsafe and badidea