DEV Community

Cover image for Clear saved HSTS pinnings in Safari and macOS
Markus Bodner
Markus Bodner

Posted on • Originally published at on

Clear saved HSTS pinnings in Safari and macOS

So today I was trying to get SSL working on my machine with localhost. In the process I set the HSTS headers, telling the browser to never access the non-secure http:// version of localhost. Thus going to http://localhost:4000 would always fail as HSTS tells the browser to only access https://.

Here is how you can reset the cache Safari has for HSTS pinnings so you can access your local http://localhost again.

Open a terminal and follow those steps:

sudo killall nsurlstoraged

# or edit file, search for "localhost", remove it and then save
rm -f ~/Library/Cookies/HSTS.plist

launchctl start /System/Library/LaunchAgents/

You may have to restart Safari afterwards.

Top comments (2)

pyrog profile image
Yves Pratter

Unfortunately, it doesn't work.
macOS 10.14.6 (18G95)

$ sudo rm -f ~/Library/Cookies/HSTS.plist
rm: /Users/yves/Library/Cookies/HSTS.plist: Operation not permitted

hablutzel1 profile image
Jaime Hablutzel

See before following the instructions on this post.