Strict-Transport-Security
The HTTP Strict-Transport-Security response header (often abbreviated as
HSTS) is a security feature that lets a web site tell browsers that it should only be
communicated with using HTTPS, instead of using HTTP.
Syntax
Strict-Transport-Security: max-age=<expire-time>
Strict-Transport-Security: max-age=<expire-time>; includeSubDomains
Strict-Transport-Security: max-age=<expire-time>; preload
Orchestra default configuration
Strict-Transport-Security: max-age=31536000; includeSubDomains
Explanation: Browsers will use only HTTPS for this site and all of its present and future subdomains for a max-age of 1 year (31536000 seconds). This blocks access to pages or subdomains that can only be served over HTTP.