An interesting (security-related) article about HSTS-preload...

KGIII

This isn't a "Linux Security" thing, it's more an everything security issue. It's not quite saying that HSTS is bad, but it's complicated.

Rather than try to explain it myself, I'd suggest the following link (which may be a bit more complex than some like):


At the end of the day, and this isn't usually enabled by default, you can resolve this by insisting the browser use https. (There's an add-on or ten for this, but it's likely a browser setting for many of you.)

It looks like this:

[Image: vDZH0e8.png]


Note: HSTS-preload isn't bad. That's not what the article is suggesting. It's a good thing and all sorts of stuff, including wget, support it. Just go enable https only mode and exercise judgement when viewing sites that are still not using https.
 
