Disable HTS checking in Nginx

Often for testing, development, admin, or troubleshooting purposes, HSTS is a PITA that needs to be turned off. Here are some quick notes to do so in nginx...

Disable HTTP Strict Transport Policy
Look for the following line in NGINX configuration file.

add_header Strict-Transport-Security ...
Remove this line, or comment it by adding # at its beginning.

If you don’t find the above line, then add the following line

add_header Strict-Transport-Security "max-age=0;";
In the above line, we set the Strict-Transport-Security header for 0 days, that is, we disable it.

You need to add this in server block of your NGINX configuration file, that listens to port 443 (SSL/HTTPS).

server {
listen 443
...
add_header Strict-Transport-Security "max-age=0";
...
}

Filed under: Blog Posting, CMS, app servers, web servers, etc.

Navigation

News: Thoughts on Quantum Computing, "Qomputing", Organic Computing, etc. Oct 31, 2024; Standards of Practice: Code Commenting Style Preferences and Recommendations Sep 19, 2024; Verbalizing Coding Parlance Mar 22, 2024; Another Round of Adventures in Microsoft Incompetence Feb 22, 2024; Rough Week! Alienware M18 Blew Up and Burned! Meanwhile Installing Q4OS TDE on Alienware M16 Jan 24, 2024; More news…