
Ask HN: Why would using HSTS be a disadvantage? - kaushikt
I came across this well written post about some of the dangers of HSTS - https://www.tunetheweb.com/blog/dangerous-web-security-features/#:~:text=I%20like%20HSTS%2C%20I%20think,slowly%2C%20you%20should%20be%20ok.

Even on Cloudflare, when you enable HSTS, it gives you a warning.

Generally, I have researched and learnt that HSTS is important to get secure by forcing all communications to happen via HTTPS.

So, why is everyone still giving so many warnings? Do orgs have a lot of HTTP setup for let's say their APIs or legacy codes still supporting HTTP?
======
detaro
> _I came across this well written post about some of the dangers of HSTS
> [...]_

Doesn't the article give a good explanation of why it recommends caution?

