How can I see which sites have set the HSTS flag in my browser?

Chrome:

  • Open Chrome
  • Type chrome://net-internals/#hsts in the address bar of chrome
  • Query domain: if it appears as a result, it is HSTS-enabled

Firefox:

  • Open file explorer
  • Copy and paste the following path into the address bar of your file explorer
    • On Windows: %APPDATA%\Mozilla\Firefox\Profiles\
    • On Linux: ~/.mozilla/firefox
    • On Mac: ~/Library/Application Support/Firefox/Profiles
  • Double click the folder you see (if you have multiple Firefox profiles, there will be multiple folders)
  • Open SiteSecurityServiceState.txt. This textfile contains sites that have enabled HSTS.

There is a Firefox plug-in called PinPatrol that lists all sites (preloaded and visited) known to have HSTS support.