Why did Facebook not use HSTS for a long time after it became available?

Published: 25/09/2018
Source: SECURITY.STACKEXCHANGE.COM

(Note that Facebook now does use HSTS. The question was asked at a time when they didn't.) To force a browser to always go directly to HTTPS for a website (and not rely on 302 redirects from the HTTP version), HSTS (HTTP Strict Transport Security) can be used. To tell the browser that a website should always be visited using HTTPS, a 'Strict-Transport-Security' header can be sent in the HTTP
