Vacer.de
Website

HSTS Fix

Learn how to fix HSTS blocking Port Access to your Server

3 min read

Clearing HSTS in Your Browser

Sometimes your browser may refuse to access a website via HTTP because it has cached a HSTS (HTTP Strict Transport Security) policy for the domain. This can prevent access to services running on custom ports or plain HTTP. This guide explains how to clear HSTS in different browsers.

Google Chrome (Desktop)

  1. Open Chrome and navigate to:

    chrome://net-internals/#hsts

  2. Scroll down to "Delete domain security policies".

  3. In the Domain field, type your domain (e.g., node-2.vacer.de).

  4. Click Delete.

  5. Restart Chrome and try accessing your site again.

Mozilla Firefox (Desktop)

There are multiple ways to clear HSTS settings in Firefox. Two common methods are shown below.

The first method works in most cases. If it does not, use the manual fallback method.

  1. Close all open tabs in Firefox.
  2. Open the full History window:
    • Windows/Linux: Ctrl + Shift + H
    • macOS: Cmd + Shift + H
  3. Find the website whose HSTS settings you want to remove (use the search box in the top-right).
  4. Right-click the website entry and select Forget About This Site.
    • This removes HSTS settings and other cached data for that domain.
  5. Restart Firefox and visit the site again (HTTP access should now work).

If this does not work, use the manual method:

  1. In the address bar, open about:config.
  2. Search for HSTS-related entries and remove/reset data for the domain if available.
  3. Restart Firefox.

Microsoft Edge (Desktop)

  1. Open Edge and navigate to:

    edge://net-internals/#hsts

  2. Follow the same steps as Chrome: delete the domain security policy for your domain.

  3. Restart Edge.

Apple Safari (Desktop / macOS)

  1. Open SafariPreferencesPrivacyManage Website Data…
  2. Search for your domain and remove it.
  3. Close and reopen Safari.

iOS Safari

  1. Go to Settings → Safari → Advanced → Website Data.
  2. Search for your domain and swipe to delete it.
  3. Restart Safari.

Android Chrome / Mobile Browsers

  • Android Chrome shares the same steps as desktop Chrome:

    • Go to chrome://net-internals/#hsts in the mobile browser.
    • Delete the domain security policy.

  • If that’s not accessible, clearing the browser cache and site data will remove HSTS.

Important Notes

  • HSTS is cached in the browser; removing it only affects that browser/device.
  • If your site previously sent HSTS headers with includeSubDomains, consider using a separate subdomain for HTTP-only services to avoid future conflicts.
  • Always use HTTP for ports without SSL and HTTPS for ports with SSL to prevent errors like SSL_ERROR_RX_RECORD_TOO_LONG.

Forum

What is the forum, and how do you create posts?

Legal

What is the legal page, and what documents does it contain?

On this page

Clearing HSTS in Your BrowserGoogle Chrome (Desktop)Mozilla Firefox (Desktop)Microsoft Edge (Desktop)Apple Safari (Desktop / macOS)iOS SafariAndroid Chrome / Mobile BrowsersImportant Notes