New issue
Advanced search Search tips
Starred by 2 users

Issue metadata

Status: Fixed
Closed: May 2015
EstimatedDays: ----
NextAction: ----
OS: Windows
Pri: 2
Type: Bug

Participants' hotlists:

Sign in to add a comment

Remove from the HSTS Preload list

Reported by, Apr 24 2015

Issue description

UserAgent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.90 Safari/537.36

Example URL:
e.g. and all subdomain

Steps to reproduce the problem:
1. Access
2. Automatically transferred to https
3. Privacy error is displayed

What is the expected behavior?
Please remove domain name from /net/http/transport_security_state_static.json

What went wrong?
Sends a "Strict-Transport-Security" HTTP Header or submited to

Did this work before? N/A 

Chrome version: 42.0.2311.90  Channel: stable
OS Version: 6.1 (Windows 7, Windows Server 2008 R2)
Flash Version: Shockwave Flash 17.0 r0

Comment 1 by, Apr 24 2015

Labels: -Cr-Internals-Network Cr-Internals-Network-SSL
Although the best way to fix this is to get a valid certificate for the site, we can make this change for you. However[1],

- Since we just released Chrome 42, this will take about 6 weeks to reach the beta channel, and another 6 weeks to reach stable.
- We can't really provide additional support or guarantees about the resulting effect on the website, especially for other browsers.

Are you willing to accept that?

For reference, the was added to the preload list on Jan. 20:
I understood. Please stop "remove".

I would like to change "include_subdomains" to false.
Is it possible?

Comment 4 by, Apr 25 2015

> I would like to change "include_subdomains" to false. Is it possible?

Yes, although with the same timeline and possible lack of effectiveness.

Comment 5 Deleted

Sorry. I'm not used to English.

I hope to change "include_subdomains" of "" to false only.

Comment 7 by, Apr 27 2015

Status: Assigned
When the tree opens, I'll submit a change to remove from the preload list. We generally require include_subdomains to be set and this doesn't appear to be a case where we need to make an exception.
Project Member

Comment 8 by, Apr 27 2015

The following revision refers to this bug:

commit 456c9c2e03d1cd8be17bcbcb053c9d1499706fcc
Author: Adam Langley <>
Date: Mon Apr 27 22:17:47 2015

net: remove and CS50 from HSTS preload.

BUG= 480785 

Cr-Commit-Position: refs/heads/master@{#327157}


Comment 9 by, May 4 2015

Status: Fixed
Blocking: chromium:527947
Labels: Hotlist-HSTS-Preload-Removals
Summary: Remove from the HSTS Preload list (was: Remove my domain from HSTS Preload list)
Blocking: -527947
Components: Internals>Network>DomainSecurityPolicy
Components: -Internals>Network>SSL

Sign in to add a comment