most sites blindly pull and exec JS from their vendors, especially ads / tracking. you don't need a MITM attack on the site, plenty of supply chain issues for which https does nothing.