On Thu, Feb 04, 2016 at 03:36:44PM +0000, Alec Muffett wrote:
Perhaps only issuing the header to people who access from an exit node, might reduce that cost?
Even so, and especially then, this sound like an easy way for someone operating a rogue exit node to get persistent MitM on non-HTTPS sites.
Martijn.