Not deploying a simple HTTP header, something that literally every website security scan out there would flag, is apparently not a sign of crappy security practices, folks.
Why is this step necessary? mastodon.at might not be the server where you are registered, so we need to redirect you to your home server first.
Don't have an account? You can sign up here