How can I see which sites have set the HSTS flag in my browser?
Chrome:
- Open Chrome
- Type
chrome://net-internals/#hstsin the address bar of chrome - Query domain: if it appears as a result, it is HSTS-enabled
Firefox:
- Open file explorer
- Copy and paste the following path into the address bar of your file explorer
- On Windows:
%APPDATA%\Mozilla\Firefox\Profiles\ - On Linux:
~/.mozilla/firefox - On Mac:
~/Library/Application Support/Firefox/Profiles
- On Windows:
- Double click the folder you see (if you have multiple Firefox profiles, there will be multiple folders)
- Open
SiteSecurityServiceState.txt. This textfile contains sites that have enabled HSTS.
There is a Firefox plug-in called PinPatrol that lists all sites (preloaded and visited) known to have HSTS support.