Closed philpursglove closed 2 years ago
To be technically correct, the Strict Transport Security header should only be sent over https. Sending it over http doesn't affect our rating on SecurityHeaders.com, but we want to follow the spec...
To be technically correct, the Strict Transport Security header should only be sent over https. Sending it over http doesn't affect our rating on SecurityHeaders.com, but we want to follow the spec...