[HTTPS-Everywhere] tlscompare.org - for Science!!!
Jacob Hoffman-Andrews
jsha at eff.org
Tue Jul 21 14:01:51 PDT 2015
On 07/21/2015 05:30 AM, Maxim Nazarenko wrote:
> Unsecure connections can be MITMed easily. If the site is not HSTS
> preload list, the corresponding rule should stay.
It sounds like you are talking about sites that redirect from HTTP to
HTTPS. I think Dave Warren is talking about something else: A site that
forcibly redirects from HTTPS to HTTP. We can't include these in HTTPS
Everywhere because the site would fail to load.
More information about the HTTPS-Everywhere
mailing list