Hsts

Delete a HSTS Key Pin in Chrome

hpkp
hsts
webserver

Here are the steps to take on Chrome when a HSTS key pin is set on a website, but incorrect. Go to the net-internals settings to search for the domain.

Summary

Delete a HSTS Key Pin in Chrome Key pinning can be tricky and sometimes you might encounter a website having an incorrect key pin. This is usually caused by renewing certificates. In that case the duration time of the key pin might overlap the expire time of the moment of renewal. Chrome Error You will be seeing an error something like: Your connection is not private Attackers might be trying to steal your information from domain.

Configure HSTS (HTTP Strict Transport Security) for Apache and Nginx

apache
hsts
nginx

HTTP Strict Transport Security (HSTS) is a security capability to force clients to use HTTPS. In this article, we implement HSTS for Apache and Nginx.

Summary

Configure Apache or Nginx to use HTTP Strict Transport Security (HSTS)