Thomas Steiner :chrome: on Nostr: The HTTP Strict Transport Security (HSTS, ...
The HTTP Strict Transport Security (HSTS, https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security) response header field is a mechanism that sites can use to tell the browser not to load a host name over insecure HTTP but to instead use HTTPS. Sounds like a no-brainer, right? But on the Web, we just can't have nice things. Read this problem statement, then cry 😭: https://github.com/explainers-by-googlers/HSTS-Tracking-Prevention?tab=readme-ov-file#problem.
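The mechanism the post describes, a browser remembering a host's HSTS policy and upgrading later HTTP loads to HTTPS, sketched as an added example that is not part of the original post. `parseHsts`, `HstsStore` and the `example.test` hosts are hypothetical names, and the parsing rules follow RFC 6797.

```javascript
// Added example (hypothetical names, constructed hosts): a minimal HSTS store per RFC 6797.
function parseHsts(headerValue) {
  const policy = { maxAge: null, includeSubDomains: false };
  const seen = new Set();
  for (const raw of headerValue.split(";")) {
    const part = raw.trim();
    if (part === "") continue;
    const eq = part.indexOf("=");
    const name = (eq === -1 ? part : part.slice(0, eq)).trim().toLowerCase();
    let value = eq === -1 ? "" : part.slice(eq + 1).trim();
    if (seen.has(name)) return null; // repeated directive: ignore the whole header
    seen.add(name);
    if (/^".*"$/.test(value)) value = value.slice(1, -1); // quoted-string form
    if (name === "max-age") {
      if (!/^\d+$/.test(value)) return null;
      policy.maxAge = Number(value);
    } else if (name === "includesubdomains") {
      if (eq !== -1) return null; // directive takes no value
      policy.includeSubDomains = true;
    } // unknown directives are ignored
  }
  return policy.maxAge === null ? null : policy; // max-age is required
}
class HstsStore {
  constructor() { this.hosts = new Map(); }
  // Record the policy from a response; headers seen over plain HTTP are ignored.
  noteResponse(url, headerValue, nowSec) {
    const u = new URL(url);
    const policy = u.protocol === "https:" ? parseHsts(headerValue) : null;
    if (!policy) return false;
    if (policy.maxAge === 0) this.hosts.delete(u.hostname); // max-age=0 forgets the host
    else this.hosts.set(u.hostname, { expires: nowSec + policy.maxAge, includeSubDomains: policy.includeSubDomains });
    return true;
  }
  // Rewrite http:// to https:// if the host, or a parent with includeSubDomains, is known.
  upgrade(url, nowSec) {
    const u = new URL(url);
    if (u.protocol !== "http:") return url;
    const labels = u.hostname.split(".");
    for (let i = 0; i < labels.length; i++) {
      const entry = this.hosts.get(labels.slice(i).join("."));
      if (entry && entry.expires > nowSec && (i === 0 || entry.includeSubDomains)) {
        u.protocol = "https:";
        return u.href;
      }
    }
    return url;
  }
}
```

The first visit to a host still has to arrive over HTTPS before any policy is stored, which is why the header only protects later loads.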