Fix
HSTS (Strict-Transport-Security)
HSTS forces browsers to use HTTPS for your domain, preventing downgrade attacks and reducing SSL-stripping risk.
Info
Category: headers
Recommended fix (typical)
Add the Strict-Transport-Security header at your edge (CDN), reverse proxy, or app server.
Start conservatively, validate subdomains, then increase max-age.
Example header (common starting point)
Strict-Transport-Security: max-age=15552000; includeSubDomains