When I debug a Visual Studio project using Chrome the browser tries to redirect to the https equivalent of my web address I do not have SSL enabled in the web project and the start URL is the http URL When I debug using FireFox or IE I do not have this problem I did re-install Chrome which fixed the problem for a day Without downloading any addons the problem happened again the next day What is making Chrome redirect localhost to https Network Inspect Shows Request URL data text html chromewebdata Request Headers Provisional headers are shown User-Agent Mozilla 5 0 Windows NT 6 3 WOW64 AppleWebKit 537 36 KHTML like Gecko Chrome 36 0 1985 143 Safari 537 36 No preview and no response data in those tabs

I believe this is caused by HSTS - see http en wikipedia org wiki HTTP Strict Transport Security If you have developed any other localhost sites which send a HSTS header eg Strict-Transport-Security max-age 31536000 includeSubDomains preload then depending on the value of max-age future requests to localhost will be required to be served over HTTPS To get around this I did the following In the Chrome address bar type chrome net-internals hsts At the very bottom of a page is QUERY domain textbox - verify that localhost is known to the browser If it says Not found then this is not the answer you are looking for If it is DELETE the localhost domain using the textbox above Your site should now work using plain old HTTP This is not a permanent solution but will at least get it working between projects If anyone knows how to permanently exclude localhost from the HSTS list please let me know UPDATE - November 2017 Chrome has recently moved this setting to sit under Delete domain security policies UPDATE - December 2017 If you are using dev domain see other answers below as Chrome and others force HTTPS via preloaded HSTS

Google Chrome redirecting localhost to https

I believe this is caused by HSTS - see http://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security

If you have (developed) any other localhost sites which send a HSTS header...

eg. Strict-Transport-Security: max-age=31536000; includeSubDomains; preload

...then depending on the value of max-age, future requests to localhost will be required to be served over HTTPS.

To get around this, I did the following.

In the Chrome address bar type "chrome://net-internals/#hsts"
At the very bottom of a page is QUERY domain textbox - verify that localhost is known to the browser. If it says "Not found" then this is not the answer you are looking for.
If it is, DELETE the localhost domain using the textbox above
Your site should now work using plain old HTTP

This is not a permanent solution, but will at least get it working between projects. If anyone knows how to permanently exclude localhost from the HSTS list please let me know :)

UPDATE - November 2017

Chrome has recently moved this setting to sit under Delete domain security policies

UPDATE - December 2017 If you are using .dev domain see other answers below as Chrome (and others) force HTTPS via preloaded HSTS.

~ Answered on 2015-02-18 14:56:06

Google Chrome redirecting localhost to https

The Solution to Google Chrome redirecting localhost to https is

Most Viewed Questions: