Hsts

(HTTP)Strict-Transport-Security

https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security (opens in a new tab)

Strict-Transport-Security	max-age=31536000 (365d)

Browser auto converts HTTP requests to HTTPS. More secure than 301 redirects from HTTP -> HTTPS, due to initial request is HTTP man-in-the-middle attack.

The Problem

browsers(Chrome/Safari) cannot load localhost with HTTP.

Remove cached headers from browsers:

• chrome://net-internals/#hsts