Hi team, technical one but important considering you’re in the finance space.

Spotted on a hotspot today that blocked me accessing the site due to HSTS but allowed me still to connect and it probably shouldn’t.

Hope this feedback helps


Thank you for raising this again.

There seems to be a reluctance to implement HSTS (and CSP) across all of Monzo’s web hostnames. Maybe something has been built that will break if HSTS is added. Neither is a silver bullet, but they are baseline application security configuration matters.