I use a few tools that create local web server:
These normally work well. I also regularly will use a tunnel to a host on another network, such as accessing an embedded management interface of a device on an isolated network:
desktop:~$ ssh -L 8443:device:443 bastion
bastion:~$
The service on the remote network device is now available locally
via https://localhost:443/. Unfortunately, when I do this, my
local browser will store these HSTS settings for the domain
(localhost, in this case) and complain/fail when one of the
above-listed tools goes to a non-HTTPS URL on localhost, such as
http://localhost:8090 for instant-markdown.
What has consistently worked for me (using Safari on macOS 10.15 and 10.16) are the following steps:
killall nsurlstoraged
rm -f ~/Library/Cookies/HSTS.plist
launchctl start /System/Library/LaunchAgents/com.apple.nsurlstoraged.plist
Followed by a restart of Safari.