On GitHub


This form can be used to remove domains from the HSTS preload list.

Removal Requirements

If a preloaded site sends a valid HSTS header without the preload directive, it is considered to be requesting removal from the preload list.

In order to be removed from the HSTS preload list through this form, your site must demonstrate the removal request by satisfying the following set of requirements:

  1. Be preloaded or pending preload through hstspreload.org.
  2. Serve HTTPS with a valid certificate.
  3. Send a valid HSTS header.
    • The header must not contain the preload directive.

Please note that a preload list domain removal may take 6-12 weeks to reach most Chrome users, and may take longer for other browsers.

Disabling HSTS

If you completely want to disable HSTS, you can send the following knockout entry:

Strict-Transport-Security: max-age=0

If you want to be removed from the preload list but do not completely want to disable HSTS, it is up to you whether you would like remove the includeSubDomains directive or change the max-age value, as long as you remove the preload directive.


If you want to remove a domain that cannot meet these requirements, please contact us here and explain your situation.