• ShortN0te
    link
    fedilink
    arrow-up
    1
    ·
    8 months ago

    That is correct. HSTS helps to some degree but the very first request is still unprotected.