Abstract

According to Microsoft's own reports, the Edge browser, and its predecessor Internet Explorer, supports HSTS (HTTP Strict Transport Security) beginning with IE 11 on Windows 7, 8.1 and 10. However, there is no official technical documentation about how this mechanism works inside the browser, how its data is stored, or any other detail. Likewise, there is no official documentation about how Firefox and Chrome implement it. Even so, the truth is that, for an attacker, techniques such as SSLStrip stopped being fully effective once HSTS and HPKP were implemented. A remote attack against HSTS named Delorean was presented some time ago, but it has some limitations. Throughout our research we discovered new attacks and new inconsistencies in how web browsers resolve issues related to HSTS and HPKP. Firefox has an implementation issue for which we developed an attack that allows an attacker to remotely overwrite the stored entries of websites that set HSTS/HPKP directives. In this way, an attacker can easily take advantage of it during sniffing/MITM on the LAN and obtain plain-text credentials from sites that had configured their communication strictly over HTTPS. Chrome likewise suffers from implementation issues that can notably hinder the use of HSTS/HPKP in the browser. For IE/Edge, we analysed the runtime implementation of the HttpIsHostHstsEnabled API in WININET.DLL, learning how the methods it invokes resolve whether a domain has HSTS. Additionally, we found interesting considerations in the storage system (an ESE database) and several implementation issues.

Slides