Maybe for some rando site, Google and any half competent site has HSTS enabled, meaning a browser won’t even try to connect with insecure HTTP, nor allow user to bypass the security error, as long as the HSTS header is remembered by the browser (the site was visited recently, set to 1 year for google).
In addition, google will also be on HSTS preload lists, so it won’t work even if you never visited the site.
Maybe for some rando site, Google and any half competent site has HSTS enabled, meaning a browser won’t even try to connect with insecure HTTP, nor allow user to bypass the security error, as long as the HSTS header is remembered by the browser (the site was visited recently, set to 1 year for google).
In addition, google will also be on HSTS preload lists, so it won’t work even if you never visited the site.
That makes me realize, what kind of country doesn’t cobtrol it’s dns space’s encryption certificates. That’s a major oversight.