Sharing some thoughts after staring at some home packet captures. OCSP is as bad for privacy as plain text SNI http://blog.seanmcelroy.com/2019/01/05/ocsp-web-activity-is-not-private/
Why is this step necessary? infosec.exchange might not be the server where you are registered, so we need to redirect you to your home server first.
Don't have an account? You can sign up here