The best prevention is not allowing redirects at all or only
     allowing redirections that keep the hostname intact -- while an
     option for much software, it isn't an option for web browsers.

Partially scratch that -- restricting to ‘keeping hostname intact’ is insufficient, because there could be a DNS record that points 'website via http' to 127.0.0.1, and hence a redirect from https://website --> http://website can change IP addresses from global Internet to local computer.

Best regards,
Maxime Devos.

Attachment: OpenPGP_0x49E3EE22191725EE.asc
Description: OpenPGP public key

Attachment: OpenPGP_signature
Description: OpenPGP digital signature

Reply via email to