+net-dev
No. It isn't a reliable way. The same as it is not a reliable way to test HSTS.
The problem is that it assumes a linear connection strategy of an HTTP/1.0 world. That is, that a UA makes a singular connection to a host, performs a full HTTP request, disconnects, (evaluates HSTS policy), creates a new socket, performs a TLS handshake, (evaluates HPKP policy), makes a HTTP request.
That is a simplified model, and, if you're using a very basic command-line tool, how it might behave.
But that is not how browsers behave or have behaved for some time.
- The browser may preconnect sockets
- As you're typing in the location bar
- As soon as it sees the host as a target for a link element in a page
- As soon as you attempt to load the page (e.g. it may create multiple sockets just in case)
- The browser may reuse connections
- Such as with HTTP keep alive
- Such as with HTTP/2 connection pooling
- The browser may have cached the sub resource (I suspect this is why it persists even after restart)
In any event, attaching a chrome://net-internals log to a new bug that you file can help isolate further.