If you are having issues using websites with the restrictive HSTS (HTTP Strict Transport Security) settings, for whatever reason this browser specific methods may help.
Setting the expiration time on the HSTS header to zero should immediatly make it expire.
<IfModule mod_headers.c> Header set Strict-Transport-Security "max-age=0; includeSubDomains;" env=HTTPS </IfModule>
Ctrl + Shift + H (Cmd + Shift + H on Mac)
The only supported method of removing site specific HSTS settings is to revisit the site and load the new HSTS directives.
Microsoft uses preload lists for HSTS which results in the known behavior
Site developers can use HSTS policies to secure connections by opting in to an HSTS preload list, which registers websites to be hardcoded by Microsoft Edge, Internet Explorer, and other browsers to redirect HTTP traffic to HTTPS. Communications with these websites from the initial connection are automatically upgraded to be secure. Like other browsers which have implemented this feature, Microsoft Edge and Internet Explorer 11 base their preload list on the Chromium HSTS preload list.
While disabling HSTS altogether is NOT recommended, doing so temporarily may be helpful for testing: Internet Explorer 11 adds support for HTTP Strict Transport Security standard
Wil Genovese informed me about this
This does not work - Apple auto-magically puts the HSTS.plist back right after you delete it.
Yes, I figured out a solution. Make sure you are ready to reboot your Mac.
- Quit Safari
- Delete the file ~/Library/Cookies/HSTS.plist
- and before the file can be restored, REBOOT!
- Reopen Safari
Total PITA, but it worked.