My question is about Firefox and Chrome.
Is there a possibility to see which sites have set the HSTS flag in my browser?
My question is about Firefox and Chrome.
Is there a possibility to see which sites have set the HSTS flag in my browser?
Chrome:
chrome://net-internals/#hsts
in the address bar of chromeFirefox:
%APPDATA%\Mozilla\Firefox\Profiles\
~/.mozilla/firefox
~/Library/Application Support/Firefox/Profiles
SiteSecurityServiceState.txt
. This textfile contains sites that have enabled HSTS.There is a Firefox plug-in called PinPatrol that lists all sites (preloaded and visited) known to have HSTS support.
This is a Firefox extension that shows in a readable format, the state of HSTS and HPKP domains stored by the browser. Firefox does not have a native way to show these domains or this functionality documented.
You can find the full Chrome HSTS list in the Chromium source code file transport_security_state_static.json
Firefox uses the same list.