Showing results for 
Show  only  | Search instead for 
Did you mean: 
Making moves
Status: New idea

Using this test website, Firefox offers no way to proceed past the HSTS error:



Vivaldi allows you to continue by clicking a proceed:



Chrome and Edge allow you to proceed by typing "thisisunsafe"


It would be handy to let us bypass these warnings (at our own risk), similar to how we can add exceptions to sites with invalid certs. It's not a common use case, but coming across one of these means my only option is to use Chrome/Edge/Vivaldi.

New member

Yeah, this is definitely one of those cases where a bad and malicious spec is actually making people less safe, and ultimately causing them to go use a different web browser sometimes just to view plain HTML pages they know and trust the content of. This needs to get fixed, and it needs to stop getting ignored or punted by Mozilla staff.

New member

They won't do anything mate; They don't understand nor listen and are very stubborn (just read the comments).

I'm still using and liking Firefox but it's saddening to watch the devs not seeing the big picture and the risk of disabling security for the whole browser instead of just one website for just once.


I still have a bit of hope though, if one of them is reading all our messages about this subject.

New member

>> If you want to argue it's not the browser's job to automatically act on behalf of the user, turn off your firewall, antivirus, swap file, crash recovery, etc.

>Yes, that's the point. We can turn all those things off when needed. The same should apply to HSTS.

You quite literally can, by following the directions given on the fifth reply to this post

New member

Is there really no way to disable this, even temporarily?! I am a sysadmin and I NEED to be able to override things from time to time.
No wonder devs and coders are switching to Edge....
I refuse to give up Firefox, but you folks sure are making others want to.


@industrial6: yes, back on the first page there were a couple of ways given to disable this temporarily

(note: since that answer the profile storage has migrated from SiteSecurityServiceState.txt to SiteSecurityServiceState.bin and you won't be able to delete individual lines. That option will require blowing away HSTS information for all domains.)

New member

There was a time when FF was considered a developer-friendly browser.  Now it has morphed into a "nanny" browser.

Between the HSTS labyrinth and Zendesk's perpetually broken support for FF, I'm moving on after 13 years.