Cover image for Clear saved HSTS pinnings in Safari and macOS

Clear saved HSTS pinnings in Safari and macOS

tuacker profile image Markus Bodner Originally published at markusbodner.com on ・1 min read

So today I was trying to get SSL working on my machine with localhost. In the process I set the HSTS headers, telling the browser to never access the non-secure http:// version of localhost. Thus going to http://localhost:4000 would always fail as HSTS tells the browser to only access https://.

Here is how you can reset the cache Safari has for HSTS pinnings so you can access your local http://localhost again.

Open a terminal and follow those steps:

sudo killall nsurlstoraged

# or edit file, search for "localhost", remove it and then save
rm -f ~/Library/Cookies/HSTS.plist

launchctl start /System/Library/LaunchAgents/com.apple.nsurlstoraged.plist

You may have to restart Safari afterwards.


Editor guide
pyrog profile image
Yves Pratter

Unfortunately, it doesn't work.
macOS 10.14.6 (18G95)

$ sudo rm -f ~/Library/Cookies/HSTS.plist
rm: /Users/yves/Library/Cookies/HSTS.plist: Operation not permitted

hablutzel1 profile image
Jaime Hablutzel

See osxdaily.com/2018/10/09/fix-operat... before following the instructions on this post.