How to permanently exclude localhost from HSTS list in Google Chrome

Question

This is a followup question to Google Chrome redirecting localhost to https.

Does anyone know, how to permanently exclude localhost from HSTS list in Go

Answer 1

Chrome 78 supports a policy called HSTSPolicyBypassList. You can list "localhost" as a domain to bypass HSTS. To configure Chrome policy on Linux, just create a file at /etc/opt/chrome/policies/managed/policies.json with the following content:

{
    "HSTSPolicyBypassList": [
        "localhost"
        ]
}

You can see the policies loaded by Chrome, typing chrome://policy/ at address bar.