The HTTP Strict Transport Security (HSTS) feature is a security policy mechanism that helps to protect against man-in-the-middle attacks by telling web browsers that they should use only HTTPS to connect.

The header is added to all HTTP responses on port 443, specifying a lifetime of one year. Optional properties can be set by adding multi-value property hstsFlags to the locked.properties file. The following values can be set.

Property Value
includeSubDomains Applies to all subdomains of this site.
preload Hint to include this site in HSTS preload lists.
Note: These properties are not set by default because they can affect non-Horizon URLs too. Do not set unless you understand the implications.