It's quite telling that infosec people are mostly talking about DNSSEC and whatnot instead of being like "Wait, you're telling me a cryptocurrency wallet handling millions every day did not deploy HSTS?"
No one's even surprised anymore.
Not deploying a simple HTTP header, something that literally every website security scan out there would flag, is apparently not a sign of crappy security practices, folks.