If the form endpoint is https, and the website runs on https, the username will be sent encrypted.
If you are really sure the username is not encrypted (which I doubt), there must be a http URL somewhere posting the data insecure. This can indeed by resolve with HSTS, but this can only be the case if the form is submitted with ajax through a non secure URL, or if the endpoint of the form is http.
Viewing 8 posts - 1 through 8 (of 8 total)
The topic ‘Question before purchase’ is closed to new replies.