alt Hacker NewsEven with default https etc, HSTS still adds some defence against MITM - browsers won’t let you even forcibly accept a self signed certificate
Even with default https etc, HSTS still adds some defence against MITM - browsers won’t let you even forcibly accept a self signed certificate
The number of MITM attacks that's thwarted for me remains zero, while sites forgetting to renew their certs despite setting HSTS is a fairly regular occurrence.