Firefox is not clearing HSTS "cookies" when closed after a private session

Solution 1:

HSTS cookies are special. They tell your browser that that site should always be connected with https. They do have an expiry date and they will expire on that date. If you visit that site before expiry, then the site could update the cookie expiry date.

This is what should happen; it is not a fault.

The reason is that this is protecting you against a man-in-the-middle attack that could be intercepting all of your traffic. They could change the code in the pages sent from the site to change all the https:// into http:// and your browser would just accept that. So when you are entering your password, that traffic will be sent in the clear.

The rush to move to using https:// by sites left this hole, and HSTS was the solution. So if you ever connected to that site securely then it would set the HSTS cookie, and your browser would insist on using https:// for every connection even if the HTML said http://.