|
|
|
|
|
|
by C4K3
2982 days ago
|
|
|
No they wouldn't, without HSTS a bad actor (public wifi) could just do an SSL strip attack. Sure, observant users would notice that the page isn't over https, and with browsers adding warnings on all http pages, that'll become more obvious, but it's still not something most people notice. Are you thinking of HPKP? |
|
|
Now I need to re-read the whole thread with this context. Thanks for the correction!