Have a Question? Search our Knowledge Base.

Reset HSTS Browser Settings

Alex Keller -

If you are having issues with visiting HTTP only Stanford websites it may be due to overly restrictive HSTS (HTTP Strict Transport Security) settings that were mistakenly propagated on 1/18/2017.

This issue can most commonly be fixed by pointing your browser to: https://stanford.edu

Wait for the page to load, then quit your browser application and restart. If that does not correct the issue, these browser specific methods may help.

Chrome:

Type "chrome://net-internals/#hsts" in the address bar. Under "Delete domain" type "stanford.edu" and press the Delete button. Quit Chrome then relaunch and test.

Firefox:

Goto Browser Settings --> History. Select "Show All/Complete History". Search for "https://stanford.edu" and right click on the entry to select "Forget About This Site". Quit Firefox then relaunch and test.

Advanced Method: Find file SiteSecurityServiceState.txt typically located in C:\Users\username\AppData\Roaming\Mozilla\Firefox\Profiles\. Edit the file and delete the line that starts with "stanford.edu".

Safari: 

Quit Safari. Delete the file ~/Library/Cookies/HSTS.plist. Launch Safari and test. 

Internet Explorer:

The only supported method of removing site specific HSTS settings is to revisit the site (https://stanford.edu) and load the new HSTS directives . While disabling HSTS altogether is NOT recommended, doing so temporarily may be helpful for testing:

https://support.microsoft.com/en-us/help/3071338/internet-explorer-11-adds-support-for-http-strict-transport-security-standard

General HSTS Information:

https://https.cio.gov/hsts/

https://www.owasp.org/index.php/HTTP_Strict_Transport_Security_Cheat_Sheet

 

 

 

Have more questions? Submit a request

Comments