On 31 August 2017 at 15:36, Hiltjo Posthuma <hil...@codemadness.org> wrote:
> On Thu, Aug 31, 2017 at 03:07:11PM +0200, Anselm R Garbe wrote:
>> well ;)), but I'm also a sceptic of HSTS.
>
> Can you explain why you are a sceptic of HSTS?

I'm sceptical of using HSTS on suckless.org. I think it is superfluous. I really prefer that website visitors perform a *conscious* transition to https urls of suckless.org (after learning about it in our news feed that you wrote) rather than mandating the browser (which might support HSTS) to perform some kind of a "magic" transition instead. Actually the user might not notice at all if his browser supports HSTS. It's kind of an infantilization of the user.

Also I dislike the idea that browsers effectively share HSTS information gathered in regular mode even in private (aka incognito) mode (at least I read about this last time I looked into HSTS, which is a while back).

BR,
Anselm