Protecting Against HSTS Abuse
https://webkit.org/blog/8146/protecting-against-hsts-abuse/ [webkit.org]
2018-03-29 23:41
Well, the HSTS standard describes that web browsers should remember when redirected to a secure location, and to automatically make that conversion on behalf of the user if they attempt an insecure connection in the future. This creates information that can be stored on the user’s device and referenced later. And this can be used to create a “super cookie” that can be read by cross-site trackers.
source: green