@kensanata If I may help/forward the word I'll do.
What browser/OS/extensions are you using?
@Sphinx_Pouet Sure! I'm using PureBrowser 60.7.1esr (64-bit), and the add-ins I use are:
HTTPS by default
This is not going to be easy to debug, I fear! 😃
@kensanata yes (and the "multi-path" survey won't make it easier...)
I'll try to reproduce (not promising anything here) and will report a bug with the info
Given the lifespan of the survey and the fact that it's a third party tool (from an MDN point of view), I'm not sure things will be fixed by the end :/
@Sphinx_Pouet Sure, that makes sense.
The latter does allow a MitM vector without HSTS, but HTTP-by-default also does. And interestingly Apple had to implement fixes so HSTS didn't provide a tracking vector, as it allowed websites to store one bit per domain.