[google-chrome] Google Chrome redirecting localhost to https

When I debug a Visual Studio project using Chrome the browser tries to redirect to the https equivalent of my web address. I do not have SSL enabled in the web project and the start URL is the http URL. When I debug using FireFox or IE I do not have this problem.

I did re-install Chrome which fixed the problem for a day. Without downloading any addons the problem happened again the next day.

What is making Chrome redirect localhost to https?

Network Inspect Shows: Request URL:data:text/html,chromewebdata Request Headers Provisional headers are shown User-Agent:Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.143 Safari/537.36

No preview and no response data in those tabs.

This question is related to google-chrome

The answer is

Piggybacking off Adiyat Mubarak

Could not hard refresh as it was just refreshing on https. Follows some of the same steps.

1. Open chrome developer tools (ctrl + shift + i)
2. Network Tab at the top
3. Click Disable cache checkbox at the top (right under network tab for me).
4. Refresh page (while the developer tools is still open)

Chrome 63 (out since December 2017), will force all domains ending on .dev (and .foo) to be redirected to HTTPS via a preloaded HTTP Strict Transport Security (HSTS) header. You can find more information about this here.

A lazy and fast solution for lazy people like me (working in Chrome 67).

Just launch another Chrome window in Stealth Mode, with the "Incognito Window" option (CTRL + SHIFT + N). No need to delete cache, no need to dive into deep Chrome settings, etc.

In my case, I had my project path set as /Users/me/dev/project_root/ and was running the nodeJS/express server from there. Renaming my path to /Users/me/project_root (removing dev from the path to project) resolved the issue.

Most likely has to do with this new regulation:

Chrome 63 (out since December 2017), will force all domains ending on .dev (and .foo) to be redirected to HTTPS via a preloaded HTTP Strict Transport Security (HSTS) header.

You can find more information about this here.


  • Google Chrome Version 70.0.3538.110 (Official Build) (64-bit)
  • nodeJS v9.2.0

That's the fastest solution today (17-3-2018):

Close all Chrome tabs / windows and run on your command line this: (or add it as a shortcode)

"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --ignore-certificate-errors

How I solved this problem with chrome 79:

Just paste this url in you search input chrome://flags/#allow-insecure-localhost

It helped me by using experimental features.

None of these worked for me. It started happening after a chrome update (Version 63.0.3239.84, linux) with a local URL. Would always redirect to https no matter what. Lost some hours and a lot of patience on this

What did worked after all was just changing the domain.

For what is worth, the domain was .app. Perhaps it got something to do? And just changed it to .test and chrome stopped redirecting it

The issue could be replicated in VS 2019 also. This is caused due to "Enable Javascript debugging from Visual Studio IDE". The VS attaches to Chrome and it is a possibility that due to security or reasons known to Google and Microsoft, it sometimes fails to attach and you have this issue. I am able to run http and https with localhost from ASP net core 3.1 app. So while debugging in VS, go to the run with arrow -> IIS express, just below "Web Browser(Chrome)" select "Script Debugging (Disabled)".

See article: https://devblogs.microsoft.com/aspnet/client-side-debugging-of-asp-net-projects-in-google-chrome/


Always fallback to Microsoft docs to get more clarity than googling an issue.

Another option would be to use something like https://github.com/rchampourlier/tunnelss

Sure it added another dependency / setup, but it also enables testing of https in dev, which could be nice.

I use RVM however to get tunnelss working I had to use sudo gem install tunnelss and sudo tunnelss

Tried everything mentioned (browser preferences, hsts, etc.) but nothing worked for me.

I solved it by adding a trailing .localhost to the host aliases.

Like this:    myproject.localhost    dev.project.localhost

I experienced the same problem in Chrome and I tried unsuccessfully to use BigJump's solution.

I fixed my problem by forcing a hard refresh, as shown in this blog (originally from this SuperUser answer).

Ensure your address bar is using the http scheme and then go through these steps, possibly a couple of times:

  1. Open the Developer Tools panel (CTRL+SHIFT+I)
  2. Click and hold the reload icon / Right click the reload icon.
  3. A menu will open.
  4. Choose the 3rd option from this menu ("Empty Cache and Hard Reload")

NEW DEVELOPMENTS! (if you have Chrome 63+)

If your localhost domain is .dev then I don't think the previously accepted and working answers no longer apply. This is because as of the Chrome 63 Chrome will force .dev domains to HTTPS via preloaded HSTS.

What this means is, .dev basically won't work at all anymore unless you have proper signed SSL certificate -- no more self signed certificates allowed! Learn more at this blog post.

So to fix this issue now and to avoid this happening again in the future .test is one recommended domain because it is reserved by IETF for testing / dev purposes. You should also be able to use .localhost for local dev.

This is not a solution, it's just a workaround.

  1. Click on your visual studio project (top level) in the solution explorer and go to the properties window.

  2. Change SSL Enabled to true. You will now see another port number as 'SSL URL' in the properties window.

  3. Now, when you run your application (or view in browser), you have to manually change the port number to the SSL port number in the address bar.

Now it works fine as a SSL link

Unfortunately, none of the solution listed here helped me to resolve this issue. I fixed this issue by using (ip address) instead of http://localhost. A quick little hack to work with angular development with chrome browser.

For someone who had the same problem I solved by pressing CTRL + SHIFT + DELETE to delete just the entire browser cache. Now I can access my localhost website on HTTP protocol.

from https://galaxyinternet.us/google-chrome-redirects-localhost-to-https-fix/

None of the option fixes worked for me, for fixing https://localhost:3000, this did.

click and hold Reload Button and select Empty Cache and Hard Reload, this seems to only be an option on localhost

I also have been struggling with this issue. Seems that HSTS is intended for only domain names. So if you are developing in local machine, it much easier to use IP address. So I switched from localhost to

I never figured out the root of the problem however I was able to fix this problem. I deleted the Google Chrome app cache folder which solved the problem.


This can be caused by a cached https redirect, and can be fixed by clearing the cache manually as in Adiyat Mubarak's answer.

But if you are visiting localhost you likely are a developer, in which case you will find a cache clearing chrome extension such as "classic cache killer" (see e.g. https://chrome.google.com/webstore/search/classic%20cache%20killer?hl=en) useful in a variety of situations, and likely already have one installed.

So the quick fix is: Install a cache killer (if you don't have one already), turn it on, and reload the page. Done!

A simple solution to this is to edit your /etc/hosts file and establish one alias per project.   project1 project2 project3

These domainless names will never have the problem with HSTS unless you send the HSTS response mentioned by @bigjump and with the added benefit of maintaining your login session if you change back and forth between projects.

@Adiyat Mubarak answer did not work for me. When I attempted to clear the cache and hard-reload, the page still redirected to https.

My solution: In the upper right-hand corner of the url bar (just to the left of the favorites star icon) there is an icon with an "x" through it. Right-click on that, and it will say something about "unsafe scripts", then there is an option to load them anyway. Do that.

Go to settings in Chrome and then to Advanced settings, under privacy and security section click Clear browsing data and then clear all data. I followed these steps and it worked for me. Hope it helps some one.

Open Chrome Developer Tools -> go to Network -> select Disable Cache -> reload

Chrome 63 forces .dev domains automatic to HTTPS via preloaded HSTS.
Quick fix: just change the .dev domains to .localhost.

I am facing the same problem but only in Chrome Canary and searching a solution I've found this post.

one of the next versions of Chrome is going to force all domains ending on .dev (and .foo) to be redirected to HTTPs via a preloaded HTTP Strict Transport Security (HSTS) header.

{ "name": "dev", "include_subdomains": true, "mode": "force-https" },
{ "name": "foo", "include_subdomains": true, "mode": "force-https" },

So, change your domains.