@lamasp @Lisha These actually are not solutions, because they only work for sites using the HSTS preload list. Nothing helps if the HSTS header is provided by the server.
Yeah, this is definitely one of those cases where a bad and malicious spec is actually making people less safe, and ultimately causing them to go use a different web browser sometimes just to view plain HTML pages they know and trust the content of. ...
The problem is that the HSTS spec is malicious by design: The "No User Recourse" provision is a violation of the implicit contract between a user and their web browser, that the browser is a "user agent" working on behalf of the user. Without a way t...
