I came across this well-written post about some of the dangers of HSTS - https://www.tunetheweb.com/blog/dangerous-web-security-features/#:~:text=I%20like%20HSTS%2C%20I%20think,slowly%2C%20you%20should%20be%20ok.

Even on Cloudflare, when you enable HSTS, it gives you a warning.

Generally, I have researched and learnt that HSTS is important to get secure by forcing all communications to happen via HTTPS.

So, why is everyone still giving so many warnings? Do orgs have a lot of HTTP setup for, let's say, their APIs or legacy code still supporting HTTP?

> I came across this well-written post about some of the dangers of HSTS [...]

Doesn't the article give a good explanation of why it recommends caution?