I recall that subdomains are their own record inside a DNS, which would imply that anyone can claim that their server is a non-existent subdomain of the real domain.

    • Elvith Ma'for@feddit.org
      6 months ago

      Checks own servers

      Strict-Transport-Security: max-age=63072000; includeSubDomains; preload

      Yeah, I’d like to see that…
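How a browser applies a header like the one quoted above to a made-up subdomain, sketched as an added example (not part of the comment, and a simplified model of RFC 6797 rather than any browser's actual code). The function names and the in-memory `Map` store are assumptions; the hostnames are the ones used in this thread.

```javascript
// Parse a Strict-Transport-Security header value; null means "ignore this header".
function parseHsts(value) {
  const policy = { maxAge: null, includeSubDomains: false, preload: false };
  const seen = new Set();
  for (const raw of value.split(';')) {
    const part = raw.trim();
    if (part === '') continue;
    const eq = part.indexOf('=');
    const name = (eq === -1 ? part : part.slice(0, eq)).trim().toLowerCase();
    const arg = eq === -1 ? '' : part.slice(eq + 1).trim().replace(/^"(.*)"$/, '$1');
    if (seen.has(name)) return null; // a directive may appear only once
    seen.add(name);
    if (name === 'max-age') {
      if (!/^\d+$/.test(arg)) return null;
      policy.maxAge = Number(arg);
    } else if (name === 'includesubdomains') {
      policy.includeSubDomains = true;
    } else if (name === 'preload') {
      policy.preload = true; // preload-list signal, not defined in RFC 6797
    } // unknown directives are ignored
  }
  return policy.maxAge === null ? null : policy; // max-age is mandatory
}

// Record the policy for `host` (assumed to have been received over valid HTTPS).
function noteHeader(store, host, headerValue, now) {
  const policy = parseHsts(headerValue);
  if (policy === null) return false;
  const key = host.toLowerCase();
  if (policy.maxAge === 0) { store.delete(key); return true; } // max-age=0 clears the entry
  store.set(key, { expires: now + policy.maxAge, includeSubDomains: policy.includeSubDomains });
  return true;
}

// True if a request to `host` must be sent over HTTPS.
// An exact match always applies; a parent-domain match only with includeSubDomains.
function mustUpgrade(store, host, now) {
  const labels = host.toLowerCase().replace(/\.$/, '').split('.');
  for (let i = 0; i < labels.length; i++) {
    const entry = store.get(labels.slice(i).join('.'));
    if (!entry || entry.expires <= now) continue;
    if (i === 0 || entry.includeSubDomains) return true;
  }
  return false;
}
```

With the quoted header stored for reputable-bank.com, `mustUpgrade` returns true for nonesense.reputable-bank.com and false for reputable-bank.com.some.malicious-phishing.website, because matching walks the labels from the right.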

        • Elvith Ma'for@feddit.org
          6 months ago

          Yeah, but now you’re talking about communicating with web.archive.org and not nonesense.reputable-bank.com as in the original post. In this case you’re not even trying to hide the fact that you aren’t affiliated with reputable-bank.com and we’re back to square one and you could also just use reputable-bank.com.some.malicious-phishing.website to host your page.

          Btw: all modern browsers will warn you when you access a non-encrypted website - some immediately, some only when you try to enter data into a login form.