New issue
Advanced search Search tips
Starred by 2 users
Status: Fixed
Closed: May 2015
EstimatedDays: ----
NextAction: ----
OS: Windows
Pri: 2
Type: Bug

Participants' hotlists:

Sign in to add a comment
Remove from the HSTS Preload list
Reported by, Apr 24 2015 Back to list
UserAgent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.90 Safari/537.36

Example URL:
e.g. and all subdomain

Steps to reproduce the problem:
1. Access
2. Automatically transferred to https
3. Privacy error is displayed

What is the expected behavior?
Please remove domain name from /net/http/transport_security_state_static.json

What went wrong?
Sends a "Strict-Transport-Security" HTTP Header or submited to

Did this work before? N/A 

Chrome version: 42.0.2311.90  Channel: stable
OS Version: 6.1 (Windows 7, Windows Server 2008 R2)
Flash Version: Shockwave Flash 17.0 r0
Comment 1 by, Apr 24 2015
Labels: -Cr-Internals-Network Cr-Internals-Network-SSL
Although the best way to fix this is to get a valid certificate for the site, we can make this change for you. However[1],

- Since we just released Chrome 42, this will take about 6 weeks to reach the beta channel, and another 6 weeks to reach stable.
- We can't really provide additional support or guarantees about the resulting effect on the website, especially for other browsers.

Are you willing to accept that?

For reference, the was added to the preload list on Jan. 20:
I understood. Please stop "remove".

I would like to change "include_subdomains" to false.
Is it possible?
Comment 4 by, Apr 25 2015
> I would like to change "include_subdomains" to false. Is it possible?

Yes, although with the same timeline and possible lack of effectiveness.
Comment 5 Deleted
Sorry. I'm not used to English.

I hope to change "include_subdomains" of "" to false only.
Comment 7 by, Apr 27 2015
Status: Assigned
When the tree opens, I'll submit a change to remove from the preload list. We generally require include_subdomains to be set and this doesn't appear to be a case where we need to make an exception.
Project Member Comment 8 by, Apr 27 2015
The following revision refers to this bug:

commit 456c9c2e03d1cd8be17bcbcb053c9d1499706fcc
Author: Adam Langley <>
Date: Mon Apr 27 22:17:47 2015

net: remove and CS50 from HSTS preload.

BUG= 480785 

Cr-Commit-Position: refs/heads/master@{#327157}


Comment 9 by, May 4 2015
Status: Fixed
Blocking: chromium:527947
Labels: Hotlist-HSTS-Preload-Removals
Summary: Remove from the HSTS Preload list (was: Remove my domain from HSTS Preload list)
Blocking: -527947
Components: Internals>Network>DomainSecurityPolicy
Components: -Internals>Network>SSL
Sign in to add a comment