BSNL is inserting ads in websites, sending their users to malware sites through malware code injection

HSTS header over http is ignored by a browser. It's a safety feature to prevent man-in-the-middle redirects. So if a browser chooses to navigate to the http version first, there's no way to redirect it except with the webserver response, which is essentially the second step. That's when BSNL injects an ad. What I mean to say is HSTS works only once a browser has navigated to the https version of a website at least once. The next time onwards the browser strictly uses https only to access.

I've noticed these BSNL ads only when I've just cleared my browser history including cache. It's only on the first visit too. Once logged in, and cookies are set, never happens till the next time history, cache and site settings are cleared.

Update: I’ve read somewhere about a way to avoid this using a particular DNS record. Can’t remember now.
 
They already have it enabled though, but yes, I agree blocking port 80 completely and permanently isn't a good idea, but it may work for testing.
 
Right, you can try your best (without messing with the OS) to not make requests over HTTP; they hijack HTTP and DNS over 53 only.
There are websites that go out of their way to "shorten links" and add their adware redirect, and those "link shorteners" redirect actual links to http (and some internal redirects are explicitly linked to http, idk why); browsers can't do anything if they explicitly ask it to make a request over HTTP.

You can manually add your most used domains to the HSTS preload list in your browser at chrome://net-internals/#hsts, if nothing else.

P.S: Imgur's website is awful, install a wrapper on phone and make it not redirect on desktop by only sending GET request for "image/*" type.
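
The first-visit gap and the pre-seeded host list discussed in the posts above, as an added example that is not part of the original thread: a minimal JavaScript model of how a browser's HSTS store treats a header seen over http versus https. The class `HstsStore`, its methods and the `example.test` hosts are assumptions made for illustration.

```javascript
// Added illustration: a minimal model of a browser HSTS store (RFC 6797).
// Host names are constructed samples under the reserved .test TLD.
class HstsStore {
  constructor(preloaded = []) {
    this.entries = new Map(); // host -> { expires, includeSubDomains }
    for (const host of preloaded) {
      this.entries.set(host, { expires: Infinity, includeSubDomains: true });
    }
  }

  // Record a response. Returns true when the header was honoured.
  observe(url, headers, now = Date.now()) {
    const u = new URL(url);
    const value = headers["strict-transport-security"];
    if (u.protocol !== "https:" || !value) return false; // over http: ignored
    const parts = value.split(";").map((p) => p.trim().toLowerCase());
    const m = parts.map((p) => /^max-age="?(\d+)"?$/.exec(p)).find(Boolean);
    if (!m) return false; // max-age is mandatory
    const seconds = Number(m[1]);
    if (seconds === 0) { this.entries.delete(u.hostname); return true; } // site opts out
    this.entries.set(u.hostname, {
      expires: now + seconds * 1000,
      includeSubDomains: parts.includes("includesubdomains"),
    });
    return true;
  }

  // The URL the browser would really request for a typed or linked URL.
  resolve(url, now = Date.now()) {
    const u = new URL(url);
    const labels = u.hostname.split(".");
    for (let i = 0; u.protocol === "http:" && i < labels.length; i++) {
      const e = this.entries.get(labels.slice(i).join("."));
      if (e && e.expires > now && (i === 0 || e.includeSubDomains)) u.protocol = "https:";
    }
    return u.href;
  }
}

function firstVisitDemo() {
  const sts = { "strict-transport-security": "max-age=31536000; includeSubDomains" };
  const fresh = new HstsStore(); // state after clearing history and site data
  const seen = [fresh.resolve("http://example.test/")]; // cleartext, can be modified in transit
  fresh.observe("http://example.test/", sts); // header on an http response
  seen.push(fresh.resolve("http://example.test/")); // still cleartext
  fresh.observe("https://example.test/", sts); // first https response
  seen.push(fresh.resolve("http://www.example.test/a")); // upgraded before sending
  seen.push(new HstsStore(["example.test"]).resolve("http://example.test/"));
  return seen;
}
```

Only the last entry returned by `firstVisitDemo()` is upgraded on the very first request, because that host was already in the store before any response was seen.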
 


I will try DNS over HTTPS and will update.
Meanwhile, I want to tell everyone that this problem is getting severe. Even during payment through netbanking, some interference is happening, and due to that the payment is failing.
 
That's weird, and it means that your browser is still making requests over HTTP, which should only happen after your intervention; otherwise it should only try HTTPS and succeed, since all payment things are https enabled.
 
@ishan The certificate option is not showing. It looks like this. As usual, imgur does have https. Fed up with BSNL and their cheap tactics.
Screenshot - https:// ibb.co/ kh0VKyB
 