
Deleting Chrome HSTS for facebook.com not working

Posted 2019-09-15 12:42

Question:

I am currently doing some debugging on my website which involves calling the Facebook API.

I've installed dnsmasq to work with my Mac OS X to redirect all requests to facebook.com to 127.0.0.1.

I have an echo server which will print out all the raw HTTP request headers on port 80 on my laptop.

Now comes my problem. When I access facebook.com, I realize Chrome will automatically forward http:// to https:// for facebook.com.

I googled and found the way of deleting this HSTS issue. I visit chrome://net-internals#hsts to see something like this:

[Image: HSTS chrome image]

After entering "facebook.com" under "Delete domain", I can still query "facebook.com" in the input box below.

I tried clearing all user data on Chrome, closing and reopening Chrome and even using incognito mode.

  • Why is Chrome still redirecting all requests to facebook.com to https?

  • How can I disable this if chrome://net-internals#hsts is not reliable?

Answer 1:

The text next to the Delete domain box on chrome://net-internals/#hsts clearly states that preloaded entries cannot be deleted. This feature request was closed as WontFix in the Chrome bug tracker.

facebook.com and quite a few of its subdomains are included in Chrome's preload list.



Answer 2:

You could use another domain name for your tests.

Just make API calls to facebook-api-test.com, map that domain to localhost and proxy the calls.
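
Added example (not part of either answer, and not Chrome's code): a simplified Python model of the behaviour both answers describe, where "Delete domain" removes only dynamically learned HSTS entries, preloaded entries remain, and a test domain outside the list is never upgraded. The `HstsStore` class, its method names and the sample preload entries (including their `include_subdomains` values) are hypothetical and constructed for illustration.

```python
"""Simplified model of a browser HSTS store (illustrative, not Chrome's code)."""

# Constructed sample of a preload list. Real browsers ship this list built in.
# The include_subdomains values below are assumptions for the example.
PRELOADED = {
    "facebook.com": {"include_subdomains": False},
    "www.facebook.com": {"include_subdomains": True},
}


class HstsStore:
    def __init__(self, preloaded):
        self._static = dict(preloaded)  # read-only, shipped with the browser
        self._dynamic = {}              # learned from Strict-Transport-Security headers

    def note_header(self, host, include_subdomains=False):
        """Record a dynamic entry, as if the host had sent an HSTS header."""
        self._dynamic[host.lower()] = {"include_subdomains": include_subdomains}

    def delete_domain(self, host):
        """Mimic 'Delete domain': only a dynamic entry can be removed."""
        return self._dynamic.pop(host.lower(), None) is not None

    def query(self, host):
        """Return (source, matched_name) or None, using RFC 6797 host matching."""
        labels = host.lower().rstrip(".").split(".")
        for i in range(len(labels)):
            candidate = ".".join(labels[i:])
            for source, table in (("dynamic", self._dynamic),
                                  ("static", self._static)):
                entry = table.get(candidate)
                # An exact match always applies; a parent domain applies
                # only when it was registered with include_subdomains.
                if entry and (i == 0 or entry["include_subdomains"]):
                    return source, candidate
        return None

    def upgrades_to_https(self, host):
        """True if a plain-http navigation to host would be rewritten to https."""
        return self.query(host) is not None
```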