Y
Hacker News
new
|
ask
|
show
|
jobs
by
hrrsn
2817 days ago
Many sites can be included as HSTS only in Chrome itself, so it wouldn't be entirely useless.
https://hstspreload.org
1 comments
Avamander
2817 days ago
Anyone can preload their domain in Chrome, Firefox and others that share the preload list. I'm not sure what vulnerabilities are left after your site has been preloaded.
link
deaps
2817 days ago
The only vulnerability left would be, as mentioned above, a client installing a browser that doesn't support HSTS.
link
tedunangst
2817 days ago
If your attack relies on getting the user to install your own browser, don't waste your time with a simple HSTS bypass.
link