Bypass HSTS is based on host­names. If a tar­get already vis­it­ed www.supersite.example, you can try to redi­rect the tar­get to a sim­i­lar domain which the brows­er nev­er vis­it­ed before and thus does­n’t has HSTS activated. Rewrite the Host HTTP head­er for your serv­er you want to imper­son­ate and add anoth­er char­ac­ter, e.g. wwww.supersite.example. You pre­pared…