by mguillemot
4904 days ago
It prevents anyone controlling the DNS resolvers of your clients from redirecting them to a fake HTTP website (of course, only for those of your clients who have already visited your real website). Imagine you're using my WiFi connection. Without HSTS, I could redirect you to a fake http://www.facebook.com to steal your login credentials if you do not notice the login page is not served over HTTPS (and let's be realistic: most non-technical people won't notice something that's supposed to be there, but is not).
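
The behaviour described in the comment above, as an added example that is not part of the original comment: a simplified model of a browser's HSTS store, showing why a returning visitor's `http://` navigation is upgraded while a first-time visitor's is not. The `HstsStore` class, the host `www.example.com` and the timestamps are constructed for illustration.

```javascript
// Simplified model of a browser's HSTS store (constructed for illustration).
class HstsStore {
  constructor() { this.policies = new Map(); } // host -> { expires, includeSubDomains }

  // Record a Strict-Transport-Security header seen on a response.
  // Headers received over plain HTTP are ignored: anyone on the path could forge them.
  noteResponse(url, header, now) {
    const u = new URL(url);
    if (u.protocol !== 'https:' || !header) return false;
    let maxAge = NaN, includeSubDomains = false;
    for (const part of header.split(';')) {
      const [name, value = ''] = part.split('=').map((s) => s.trim().toLowerCase());
      if (name === 'max-age') maxAge = parseInt(value.replace(/"/g, ''), 10);
      if (name === 'includesubdomains') includeSubDomains = true;
    }
    if (Number.isNaN(maxAge) || maxAge < 0) return false; // max-age is mandatory
    if (maxAge === 0) this.policies.delete(u.hostname);   // max-age=0 removes the policy
    else this.policies.set(u.hostname, { expires: now + maxAge * 1000, includeSubDomains });
    return true;
  }

  // A host is covered by its own unexpired policy or a parent's includeSubDomains policy.
  isKnown(host, now) {
    const labels = host.split('.');
    return labels.some((_, i) => {
      const p = this.policies.get(labels.slice(i).join('.'));
      return Boolean(p) && p.expires > now && (i === 0 || p.includeSubDomains);
    });
  }

  // Decide which URL is actually requested. The upgrade happens inside the browser
  // before any request is sent, so a forged DNS answer meets TLS certificate checks
  // instead of being able to serve a plain-HTTP page.
  navigate(url, now) {
    const u = new URL(url);
    if (u.protocol === 'http:' && this.isKnown(u.hostname, now)) u.protocol = 'https:';
    return u.href;
  }
}

function demo() {
  const DAY = 86400 * 1000;
  const returning = new HstsStore(), firstTime = new HstsStore();
  returning.noteResponse('https://www.example.com/', 'max-age=31536000; includeSubDomains', 0);
  return {
    returning: returning.navigate('http://www.example.com/login', DAY),     // upgraded
    firstTime: firstTime.navigate('http://www.example.com/login', DAY),     // not protected
    expired: returning.navigate('http://www.example.com/login', 366 * DAY), // policy lapsed
  };
}
```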