@eapl.me@eapl.me are ISPs still injecting code into HTTP in this the year 2023? I remember getting notices that my comcast modem is out of date pushed into websites back a decade ago.

I’ve found that my ISP replaces HTTP sites with a “You haven’t paid your bill” message. With HTTPS it only gives an error that the site is not accessible.
There’s a similar behaviour in public places like airports ✈, or even some have malicious forms. I’m not sure if it’s a general issue anymore.

Also,even on HTTPS some extensions inject scripts or hidden fields.

🤔

@xuu I caught AT&T doing this last year. They were also hijacking DNS queries if I remember correctly.