Talk:Downgrade attack

HSTS summary wording
The article currently says "" but I wonder if this is poorly worded. As I understand HSTS it's more about the client side or user agent as this says. Which this text sort of implies but the server but seems to have the potential to mislead. The point of HSTS and MITM downgrade attacks on HTTPS at least as I understand it, is that it can be one sided. The server may refuse to accept HTTP connections (other than to tell the client to use HTTPS). But this may not help if the client (including any human element) is willing to connect over HTTP since the MITM can make the secure connection to the server and then forward this to the client as HTTP. Nil Einne (talk) 08:19, 30 March 2022 (UTC)

https
I'm only one person who had rather stay on the https page than any other. So what browser do I need to do just that 2600:6C5D:577F:BB0D:6005:670E:F34C:7F05 (talk) 15:45, 16 November 2022 (UTC)