
re: Stop trying to take the user's choice

re: HSTS is good, especially for high risk applications (such as banking sites). Most websites are using HTTPS anyways, and if they aren't, you should t...
 

Most websites are using HTTPS anyways, and if they aren't, you should think twice about visiting that site.

Thinking twice, yes, I do, but if I know the risks, there are still times when I just want to proceed anyway, especially because often these issues are not an actual indication of danger, just a server misconfigured (or their cert expired, etc).

 

Either way, we need HSTS (especially for high-risk applications): it's not going away. It's the server administrator's job to make sure the server is configured properly, and that certifications are renewed.

Besides, they have a decent lifetime. It's long due a new certification by the time it's been expired.

In fact, it's a good thing they don't permit users to gain access to websites through HTTPS if there are errors. If there are errors, it's likely someone is trying to hijack your communications (which isn't uncommon with proxies or using public WiFi networks), or they don't have their stuff set up properly.

Sure, you have to go out of your way to access those websites, but at least it's protecting the users who don't know what they're doing.
