Re: lesser threat
> HSTS or whatever that thing is called
Respectfully, it doesn't sound particularly reassuring that in a discussion about TLS proxies someone would not be familiar with HSTS.
> I don't expect browsers to submit data until that exception is granted but they might, I haven't checked myself.
Neither does this sound reassuring but nonetheless, thank you for being honest about your own capabilities.
