From d67174604d90e8bcdaaa78f14b4d6ad13708336e Mon Sep 17 00:00:00 2001 From: RGBCube Date: Mon, 9 Jun 2025 16:24:46 +0300 Subject: [PATCH 1/3] dump(web.hsts): update --- site/dump/web/hsts.md | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) create mode 100644 site/dump/web/hsts.md diff --git a/site/dump/web/hsts.md b/site/dump/web/hsts.md new file mode 100644 index 0000000..138e8c7 --- /dev/null +++ b/site/dump/web/hsts.md @@ -0,0 +1,19 @@ +--- +title: Bypass HSTS (HTTP Strict Transport Security) +date: 2025-06-09 +--- + +Got an annoying error, like this: + +> `WEBSITE-YOU-ARE-ACCESSING` has a security policy called HTTP Strict Transport +> Security (HSTS), which means that Firefox can only connect to it securely. You +> can’t add an exception to visit this site. + +And you really need to access the site, and don't really care that whatever you +are sending is encrypted? + +Just `Ctrl-H` to go to history (`Command-Shift-H` if on MacOS), search for the +site, and right click and press `Forget About This Site`. + +This will make your browser completely forget about that site and thus not be +able to recall the HSTS header, and let you connect insecurely. From f0d2b5a3bacf33bf93881416c245a41322677509 Mon Sep 17 00:00:00 2001 From: RGBCube Date: Mon, 9 Jun 2025 16:26:28 +0300 Subject: [PATCH 2/3] dump(web.hsts): update --- site/dump/web/hsts.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/site/dump/web/hsts.md b/site/dump/web/hsts.md index 138e8c7..cb89142 100644 --- a/site/dump/web/hsts.md +++ b/site/dump/web/hsts.md @@ -17,3 +17,6 @@ site, and right click and press `Forget About This Site`. This will make your browser completely forget about that site and thus not be able to recall the HSTS header, and let you connect insecurely. + +These instrucitons are Firefox and Firefox-based browser specific, but the +process is same on other browsers. From 93f66e0800c14d2bbaf18d21439b0a13a82c00b7 Mon Sep 17 00:00:00 2001 From: RGBCube Date: Mon, 9 Jun 2025 16:29:50 +0300 Subject: [PATCH 3/3] dump(web.hsts): update --- site/dump/web/hsts.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/site/dump/web/hsts.md b/site/dump/web/hsts.md index cb89142..711eb5d 100644 --- a/site/dump/web/hsts.md +++ b/site/dump/web/hsts.md @@ -18,5 +18,8 @@ site, and right click and press `Forget About This Site`. This will make your browser completely forget about that site and thus not be able to recall the HSTS header, and let you connect insecurely. +> Do not do this if you value your browsing history of that site. It literally +> says "Forget This Site", act accordingly. + These instrucitons are Firefox and Firefox-based browser specific, but the process is same on other browsers.