How to Stop Chrome from Automatically Redirecting to https

Prevent this major dev annoyance.
Zach Zach (248)
3 minutes

If you ever visited the https version of a website (whether it resolved or not), Google Chrome might repeatedly send you to that version. In other words, http://local.howchoo.com:4000 continually redirects you to https://local.howchoo.com:4000.

Why this happens

This is a secure caching issue where Chrome erroneously caches the redirect the first time you visit the secure version of a site—even if the site doesn't have a valid SSL/TLS certificate.

A pain in local development

This is a major problem in local development where you're often coding in a non-secure environment.

This short guide will show you how to remove the automatic redirect to https in Chrome, fixing the issue.

Google Chrome×1

Howchoo is reader-supported. As an Amazon Associate, we may earn a small affiliate commission at no cost to you when you buy through our links.

net-internals screen in Chrome

In a new browser tab, go to chrome://net-internals/#hsts. This is the configuration area for HSTS.

What is HSTS?

According to Google Chrome, an HSTS is HTTP Strict Transport Security—a way for sites to elect to always use HTTPS.

Deleting domain security policies in Chrome

Scroll down to "Delete domain security policies" and enter the root domain that's causing you issues. For example, I entered howchoo.com to prevent the domain from automatically redirecting to https.

Then, click the Delete button.

Google Chrome nonsecure domain

Visit the http version of the URL that was giving you problems. You should no longer get redirected.

Still getting redirected?

If you're still getting redirected, try clearing your browser cache by navigating to Chrome > Settings > Privacy and security (or by visiting chrome://settings/privacy in your browser) and clear your browsing data.

You can also clear data just for the specific domain by visiting the domain in your browser by navigating to View > Developer > Developer Tools > Application > Clear storage and then clicking the Clear site data button.

Zach Zach (248)
2 minutes

In the wake of Google's announcement that it will start giving a ranking boost to full-SSL sites, many companies are converting their sites to be full-https.