Strict-Transport-Security
Fleeting- External reference: https://www.thesslstore.com/blog/clear-hsts-settings-chrome-firefox/
- External reference: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security
site should only be accessed using HTTPS, and that any future attempts to access it using HTTP should automatically be converted to HTTPS
— https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security
HTTP Strict Transport Security header informs the browser that it should never load a site using HTTP and should automatically convert all attempts to access the site using HTTP to HTTPS requests instead.
— https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security
Strict-Transport-Security header is ignored by the browser when your site has only been accessed using HTTP. Once your site is accessed over HTTPS with no certificate errors, the browser knows your site is HTTPS capable and will honor the Strict-Transport-Security header
— https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security
first time your site is accessed using HTTPS and it returns the Strict-Transport-Security header, the browser records this information, so that future attempts to load the site using HTTP will automatically use HTTPS instead.
— https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security
When the expiration time specified by the Strict-Transport-Security header elapses, the next attempt to load the site via HTTP will proceed as normal instead of automatically using HTTPS
— https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security
Unlike other HTTPS errors, HSTS-related errors cannot be bypassed
— https://www.thesslstore.com/blog/clear-hsts-settings-chrome-firefox/