There was a mild uproar recently about Firefox adding a feature that could allow mozilla to push out extension blacklists or something, or disable extensions entirely for a specific site (for "security" of course). I'd read the details but all I have is a reddit link and all the libreddit instances are ratelimited rn: r/MozillaInAction/comments/14rt5jx/firefox_115_can_silently_remotely_disable_my/
so I just saw an HSTS popup and was reminded: there's already a sorta analagous feature that restrict's the user's ability to make their own decisions on privacy/security matters: HSTS. It prevents users from loading a page without working HTTPS even if they want to take that risk, and it is controlled by the site owner entirely, the user has no say.
I mean sure but like, if https is broken, bypassing the cert check can be useful. with hsts you are at the mercy of the server operator to keep their shit working. if you know the risks you should be able to bypass it.