Chrome redirects .dev to https
Stefan Bogdanescu
Founder & Senior Architect · 2026-06-29
# Chrome Redirects `.dev` Domains to HTTPS: A Deep Dive for Laravel Developers
As a senior developer, I’ve seen countless frustrating debugging sessions where local development environments seem to defy simple logic. The scenario you’ve described—where your virtual host domain, like `myapplication.dev`, is automatically redirected by Chrome to `https://myapplication.dev` despite working perfectly on other machines—points towards a specific interaction between browser security policies and your local server configuration.
This isn't just a cosmetic annoyance; it often signals an issue with HTTP Strict Transport Security (HSTS) or how your local SSL certificates are being handled by the client environment. Let’s break down why this happens and provide concrete steps to fix it, especially within a Laravel/Laragon context.
## Understanding the Redirect: The Role of HSTS
The behavior you are observing is almost certainly related to **HTTP Strict Transport Security (HSTS)**. HSTS is a security mechanism that forces browsers to interact with a website only over secure HTTPS connections. When a site successfully establishes an HTTPS connection, it sends an HSTS header, instructing the browser to *never* connect via plain HTTP again for a specified duration.
When you see Chrome automatically redirecting from `.dev` to `https://`, it suggests that either:
1. A previous session established an HSTS policy for that domain on your specific machine.
2. Your local development setup (Laragon) is enforcing HTTPS internally, and the browser is reacting to this enforcement rather than treating `.dev` as a standard HTTP subdomain.
You correctly attempted manipulating `chrome://net-internals/#hsts`, but if the policy is deeply cached or enforced by system settings, simple deletion might not be enough on its own.
## Practical Troubleshooting Steps
Since you’ve already tried the basic steps, we need to look deeper into the environment where Laravel and Laragon are running.
### 1. Inspecting Local Certificate Configuration
Because you are working locally, you are likely using self-signed or development certificates. In many cases, browsers become confused when they encounter a mix of local HTTP services and enforced HTTPS policies.
**Action:** Check your server configuration within Laragon to ensure that the domain is configured strictly as an HTTP service initially, allowing the client to negotiate the connection based on your desired setup, rather than automatically enforcing a redirect chain. Review your virtual host files (e.g., in Apache or Nginx configurations) to confirm how SSL/TLS handshake is being initialized for these specific `.dev` domains.
### 2. Clearing System-Level Caches (Beyond Chrome)
Since the issue persists across attempts, we need to clear potential system-level caching that might be holding the redirect instruction:
* **Clear DNS Cache:** Flush your operating system’s DNS cache.
* **Check Proxy Settings:** Ensure no custom proxy settings are interfering with local network traffic routing between your machine and the server.
* **Reboot:** A simple reboot can sometimes clear lingering session states that browser tools miss.
### 3. Reviewing Laravel/Application Setup
While the redirect seems client-side, it’s worth ensuring your application isn't inadvertently injecting headers that conflict with standard web serving practices. When building robust applications, adhering to security best practices is crucial. For modern PHP development, understanding these security layers is fundamental, much like following guidelines found on platforms like [laravelcompany.com](https://laravelcompany.com).
If the issue remains after these steps, it strongly suggests a conflict between the local environment’s SSL handling and Chrome’s internal security mandates. In such cases, temporarily disabling HSTS entirely (if possible in your specific setup) or switching to a non-`.dev` subdomain might be the fastest workaround while you investigate the underlying server configuration that is causing the prompt.
## Conclusion
The mystery of the automatic HTTPS redirect on `.dev` domains often boils down to cached security policies interacting with local SSL setups, rather than an error in the Laravel code itself. By systematically checking HSTS settings, system caches, and your local server configuration within Laragon, you can isolate the source of the conflict. Remember, when debugging network-related issues, always consider the entire stack—from the operating system up to the application layer—to find the true root cause.