I've been playing with HTTP Strict Transport Security (HSTS, I'm late to the party as usual) and there's some misconceptions that I had going in that I didn't know about that threw me a bit. So, here's a no nonsense guide to HSTS.
Over the last few months I've been putting together my talk for the year, based on a blog post that is titled "HTTPS is Hard". You can read the full article on the Yell blog on which it is published. There's also an abridged version on Medium. It's been a very long time coming, and has changed over the time I've been writing it, so I thought I'd get down a few reflections on the article.