Y
Hacker News
new
|
ask
|
show
|
jobs
by
adrr
2126 days ago
Issues with HSTS is that it is opt in. It should be an opt out with a list of legacy sites that ships with the browsers similar to how hsts preloading works.
1 comments
Polylactic_acid
2126 days ago
The option browser vendors are going with seems to be to make http show a full page warning about being insecure. No need to change HSTS now.
link