Y
Hacker News
new
|
ask
|
show
|
jobs
by
Avamander
2816 days ago
Anyone can preload their domain in Chrome, Firefox and others that share the preload list. I'm not sure what vulnerabilities are left after your site has been preloaded.
1 comments
deaps
2816 days ago
The only vulnerability left would be, as mentioned above, a client installing a browser that doesn't support HSTS.
link
tedunangst
2816 days ago
If your attack relies on getting the user to install your own browser, don't waste your time with a simple HSTS bypass.
link