Is it me, or does @googlechrome not apply HSTS quite as you'd expect? I've an application (#subsonic) which insists on writing in http frames (the "documented" way around this is java'y and gets lost on upgrade...). They get blocked because mixed content