ascott1
commented
8 years ago 👍 Good catch. This site is a place where I should be eating my own dog food.
I'm going to start with the badgering option, since most of my free time is going in to writing the titles.
graingert
https://www.ssllabs.com/ssltest/analyze.html?d=ethicalweb.org
And I know why - it's a CloudFront and S3 application. There's no way to do HSTS with that setup, because neither the S3 origin nor CloudFront lets you add custom headers.
If you intend to have ethicalweb.org support HSTS, you'll need to move the app somewhere else. Otherwise, perhaps you could badger AWS as a customer to add explicit HSTS support to S3 websites or to CloudFront.