Bypass HSTS in Chrome – thisisunsafe and badidea

If you encounte a website with an invalid certificate and chrome won’t let you access it because of HSTS being enabled, you can simply type “thisisunsafe” (Chrome v.65+) and bypass this check to access the website anyways.

Hint: Before Chrome v.65 this is “badidea”.

You simply click anywhere into the website, where Chrome displays the warning and start typing. Don’t type in the URL address bar. Just on the website.

Leave a Reply