Strict transport security when set makes sure the browser doesnt send traffic to domain on http. Always sends the traffic on https. It can be set using the strict-transport-security header in the response, which includes a max-age and other directives like includesSubDomains Another way is to get your certs included into the browser’s prelist.