On Tue, Sep 23, 2014 at 11:08 AM, <fhw...@gmail.com> wrote: > So what is the reason to use HSTS over a server initiated redirect? Seems to > me the latter would provide greater security whereas the former is easy to > bypass.
You have it backwards. http://www.thoughtcrime.org/software/sslstrip/ _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy