96
what if the hacker provided the public key for https connection?
(www.youtube.com)
This is a most excellent place for technology news and articles.
It would be inherently impossible for HSTS to work on first connection, you are correct.