Top "Hsts" questions

HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents are to interact with it using only secure HTTPS connections.

How to disable HTTP Strict Transport Security?

I had a Rails application with config.force_ssl = true, but now I dont want SSL encryption, but my app …

ruby-on-rails apache ssl https hsts
Google Chrome localhost | NET::ERR_CERT_AUTHORITY_INVALID

All of a sudden I seem to have an issue with Google Chrome using localhost. I'm trying to access any …

google-chrome ssl localhost hsts
Add HSTS feature to Tomcat

Trust you all well. My web application run on tomcat 6.0.43 and do not use apache or nginx at front. I'm …

java spring security tomcat hsts
Non-Authoritative-Reason header field [HTTP]

I'm having difficulty finding out what it means when I have the response header Non-Authoritative-Reason : HSTS I have searched a …

google-chrome http hsts
How to disable Chrome HSTS permanently for a subdomain

I have following setup: The application https://app.domain.de is our production environment and is automatically forwarded to use …

google-chrome https hsts
Enable HTTP Strict Transport Security (HSTS) with spring boot application

I have followed the article https://docs.spring.io/spring-security/site/docs/4.0.2.RELEASE/reference/html/headers.html#headers-hsts to enable …

java spring spring-boot spring-security hsts
Safari keeps forcing HTTPS on localhost

When I load http://localhost:3000 in Safari, Safari automatically redirects to https://localhost:3000. How can I disable this functionality? I …

http https safari hsts
How to permanently exclude localhost from HSTS list in Google Chrome

This is a followup question to Google Chrome redirecting localhost to https. Does anyone know, how to permanently exclude localhost …

google-chrome localhost hsts
How to implement HTTP Strict Transport Security (HSTS) on AWS Elastic Load Balancer?

I would like to implement HSTS to my application. I have an ELB terminating SSL and forwarding the traffic to …

apache amazon-web-services ssl amazon-elb hsts
Spring boot: Do not send HSTS header

In a dev environment I have the problem that my browser (Yandex) redirects (307) an OPTIONS request to the https version …

spring-boot xmlhttprequest hsts