Security Center: Showing DNS Records as Insecure


So the Security Center is showing all of my DNS records as “HTTP Strict Transport Security (HSTS) not enforced”.

Detection method
We have made HTTP and HTTPS requests to your hostname to check for the presence of the Strict-Transport-Security header in the response. We have not detected the correct header in the response.

Is this something I can just ignore or is there a way I can enforce HSTS?

EDIT: I have HSTS enabled and our site is on the preload list via Chromium and others.


A post was merged into an existing topic: Exposed RDP and HSTS not enforced