
How HSTS ‘supercookies’ make you choose between privacy or security - kiyanwang
https://nakedsecurity.sophos.com/2015/02/02/anatomy-of-a-browser-dilemma-how-hsts-supercookies-make-you-choose-between-privacy-or-security/
======
stephenr
Surely this only works if the main page isn't served over https, or mixed-
content protections would just prevent the http tags from loading.

