diff --git a/app/assets/index.html b/app/assets/index.html index 341ee3dff827d301d1b8c6ce36c11ebfe1f69ec0..cc5b483ed6c5f931d9e595622f864977906b1954 100644 --- a/app/assets/index.html +++ b/app/assets/index.html @@ -16,6 +16,29 @@ <main> <p> This page demonstrates how TLS can be abused to track users employing HTTP Strict Transport Security (HSTS). + </p> + <p> + This website uses a large number of subdomains named + bXXXX.tls-tracking.sauerburger.com where X represents an arbitrary digit. + The subdomains can be accessed via HTTP or HTTPS. If the browser requests + the secure connection, the server sets the HSTS policy. This means that + the + server tells the browser to remember that this subdomain should be + accessed only via HTTPS (not HTTP) in the future (usually for one year). + If the user enters the HTTP version, the browser automatically rewrites + the request from HTTP to HTTPS. + </p> + <p> + Every subdomain represents a single bit. It is either accessed via HTTP or + HTTPS. An arbitrary binary identifier can be encoded by accessing the + HTTPS version of the subdomains for those bits that are 1. In the future, + the same HTTP/HTTPS pattern for all subdomains makes it possible to + retrieve and decode the identifier. + <p> + <p> + This page lets you encode an arbitrary string into the HSTS storage of + your browser. To delete the HSTS storage and thus the string, you need to + clear (recent) browsing history. </p> <div id="react-root"></div> </main>
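Review bot: the third added paragraph (the one explaining that every subdomain represents a single bit) is terminated with a second opening tag, `+ <p>`, instead of a closing `+ </p>`, so the markup nests one paragraph inside the other and the page is no longer well-formed; change that line to `+ </p>` before the paragraph that begins `This page lets you encode an arbitrary string`. Minor style point in the same hunk: `that the` / `server` is split across two lines for no reason and should be rejoined to match the wrapping of the surrounding text.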