Percieved Security on Insta DMs

Hi everyone

how security looks when sending Invite Link via. Instagram DM

A warning message displayed on a dark interface indicates that the website is not using a secure connection, potentially exposing sensitive information like passwords and credit cards to attackers. (Captioned by AI)1206×1279 116 KB

how security looks when sending link to group chat changing the ?…user to /last

A digital security screen displays a padlock icon and a message stating the website is using a secure connection, with options to log in with a passkey or email address. (Captioned by AI)1206×1247 111 KB

this is using the standard install let’s encrypt

this is to show on my root discourse site, that HSTS is enabled

A close-up shot displays text relating to web server configurations, including 'Referrer-Policy', 'Server', and 'Strict-Transport-Security' with values associated with nginx. (Captioned by AI)1056×254 54.5 KB

ask.discourse.com tells me my site has HSTS but also mentions

i have my email on discourse.yourdomain.TLD sub-domain, could this be causing problem?

now this is how the invite link behaves in Chrome Incognito

A close-up of a mobile phone screen displays a 'Security' notification confirming a secure connection with a valid certificate. (Captioned by AI)1206×1064 405 KB

A close-up photograph displays a computer screen showing response headers with various cache, content and security policies listed, including a long string of characters under 'Content-Security-Policy'. (Captioned by AI)1206×622 63.1 KB

the network document (the one that appears at top of a long list) is renamed into the code after \ of invite link