Bypass HSTS in Chrome

HSTS (HTTP Strict Transport Security) headers are a huge security win as the web becomes more and more encrypted (thanks to letsencrypt.com).

Now, we own a lot of servers, and from time to time we face the issue that we cannot access a site because we ran several tests on it.

We got an error message saying:

Your connection is not private

Attackers might be trying to steal your information from www.yoursite.com (for example, passwords, messages, or credit cards). Learn more

NET::ERR_CERT_AUTHORITY_INVALID

To bypass this warning, just type "badidea" anywhere in the browser window showing the above error (no, not in the address field).

Chrome will then let you bypass the warning and access the site.

Update for Chrome 65:

The new bypass keyword is thisisunsafe

About the Author

Mike Schiessl