Testing sites with HSTS Enabled

Hi all,

It’s been a while since i last fired Gatling up (rock solid performance tests clearly!) but i’m having some problems with one of our HTTPS sites that now has HSTS enabled. I’m trying the self-signed mechanism, but then i’m told by Firefox that the “connection is not secure” because of HSTS (“This site uses HSTS… as a result, it is not possible to add an exception for this certificate.”).

I’ve tried the CA method in Gatling, the proxy works for HTTP sites but when trying HTTPS it just sits on “waiting for www.mysite.com…” - not sure what’s happening there, does it sound familiar?

Any help/thoughts for testing against sites with HSTS enabled appreciated, i’m a little surprised the browser knows about it given that Gatling could strip off the HSTS headers in the initial exchange right?