by brlewis 2527 days ago
If you don't use HSTS, you have to be _really_ sure that _all_ your users fully understand the risks of using an unencrypted connection.

In the example you gave, wouldn't you have lost all your work anyway without HSTS? I don't think browsers supply an easy way to retry POST to the corresponding http: URL whether HSTS is set up or not.

1 comment

Without HSTS, you can inspect the cert and click through the invalid certificate warning.

With HSTS, that button goes away in browsers.
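The behaviour the two comments describe, modelled as a small browser-side HSTS policy store. This is an added example, not code from the thread or from any browser; it follows RFC 6797: a host whose HTTPS response carries a Strict-Transport-Security header is remembered for max-age seconds, and while the entry lives any http:// navigation to it is rewritten to https:// before a request is sent and a certificate error is treated as fatal, with no click-through. The host names and header values are constructed for the demonstration.

```python
"""Toy model of a browser's HSTS policy store (illustration, not browser code)."""
import re
import time
from dataclasses import dataclass
from urllib.parse import urlsplit, urlunsplit


@dataclass
class HstsEntry:
    expires: float            # absolute time after which the policy lapses
    include_subdomains: bool  # the includeSubDomains directive was present


class HstsStore:
    def __init__(self, now=time.time):
        self.now = now                     # injectable clock for testing
        self.entries: dict[str, HstsEntry] = {}

    def observe(self, host, header, over_https=True):
        """Record a Strict-Transport-Security header seen on a response.

        RFC 6797 section 8.1: the header is ignored on plain-HTTP responses
        (real browsers also ignore it when the certificate failed validation),
        so an attacker on the wire cannot plant or extend a policy.
        """
        if not over_https:
            return
        m = re.search(r'max-age\s*=\s*"?(\d+)"?', header, re.I)
        if not m:
            return  # max-age is mandatory; a malformed header is ignored
        max_age = int(m.group(1))
        host = host.lower()
        if max_age == 0:
            self.entries.pop(host, None)  # max-age=0 deletes the policy
            return
        include_sub = re.search(r"(^|;)\s*includeSubDomains\s*(;|$)", header, re.I) is not None
        self.entries[host] = HstsEntry(self.now() + max_age, include_sub)

    def is_known(self, host):
        """True if host (or a parent with includeSubDomains) has a live policy."""
        labels = host.lower().split(".")
        for i in range(len(labels)):
            candidate = ".".join(labels[i:])
            entry = self.entries.get(candidate)
            if entry is None:
                continue
            if entry.expires <= self.now():
                del self.entries[candidate]  # expired entries are dropped lazily
                continue
            if i == 0 or entry.include_subdomains:
                return True
        return False

    def navigate(self, url):
        """Return the URL the browser would actually fetch for a navigation.

        An http:// URL to a known host is upgraded before any request leaves
        the machine; port 80 maps to 443 (dropped), other ports are kept.
        """
        parts = urlsplit(url)
        if parts.scheme == "http" and parts.hostname and self.is_known(parts.hostname):
            netloc = parts.hostname
            if parts.port and parts.port != 80:
                netloc += f":{parts.port}"
            return urlunsplit(("https", netloc, parts.path, parts.query, parts.fragment))
        return url

    def cert_error_overridable(self, host):
        """Whether a certificate warning offers a 'proceed anyway' button.

        With a stored policy the error is fatal and the button is not shown,
        which is exactly the case the reply above describes.
        """
        return not self.is_known(host)
```

Usage: call `observe()` with the header from an HTTPS response, then ask `navigate()` what would be fetched for an http:// URL and `cert_error_overridable()` whether a bad certificate could be clicked through. The lazy expiry in `is_known()` is why a policy with a long max-age outlives a site's certificate renewal mistakes: the browser keeps refusing until the entry lapses or the site serves max-age=0 over a valid connection.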