Purpose of .wget-hsts file in Ubuntu

There is a file in my home folder named wget-hsts .Does this file send my data to anywhere ? The file content is as follows :

# HSTS 1.0 Known Hosts database for GNU Wget.
# Edit at your own risk.
# <hostname>    <port>  <incl. subdomains>  <created>   <max-age>
raw.githubusercontent.com   0   0   1631759053  31536000
github.com  0   1   1631759053  31536000
github-releases.githubusercontent.com   0   0   1631759055  31536000

Why and How this file is created ? Is it anything harmful

Solution 1:

HTTP Strict Transport Security, HSTS for short, is a mechanism to protect against certain kinds of attacks. HSTS allows web servers to specify that clients should only connect to them with encrypted connections.

Let's look at an example: You use your web browser to go to https://www.some-site.com. Note the https:// protocol prefix, it's an encrypted connection. If the admin of some-site.com has setup HSTS on their server, your webbrowser makes an internal note: "For this domain, only use encrypted connections in the future (until a date specified by the server)". So, if tomorrow you type http://www.some-site.com into your browser (note the unencrypted connection, http://), your browser will automatically "upgrade" to https://www.some-site.com.

As we've seen, your web browser has an internal list with entries like "For domain X, automatically switch to an encrypted connection until date Y". wget can handle HSTS as well, and also automatically "upgrade" connections. But wget has to store the list we've seen above somewhere, and that's what .wget-hsts is for.

According to your .wget-hsts file, you used wget to download something from github.com, for example. The entry was created at the timestamp 1631759053, and it is valid until the timestamp 31536000. HSTS will be applied for connections on any port, and it will be applied for connections to any subdomain of github.com.