Hi team,
As per
google_chrome_privacy, ''Chrome will make a
cookieless request to http://www.gstatic.com/generate_204
and check the response code. If that request is redirected, Chrome will open
the redirect target in a new tab on the assumption that it's a login page''.
Strict-Transport-Security: max-age=16070400; includeSubDomains
When the browser sees this, it will remember, for the given number of seconds, that the current domain should only be contacted over HTTPS. In the future, if the user types http:// or omits the scheme, HTTPS is the default. In fact, all requests for URLs in the current domain will be redirected to HTTPS.''
Question is, if there is a ''h
ttp://www.gstatic.com/generate_204'' URL generated by Chrome and if there is a cookie for an HTTPS site that i'm trying to access, would HSTS get triggered ?
Regards,
Chris