HSTS is a mechanism for forcing the transition from HTTP to HTTPS. The policy instructs the browser to switch all addresses on the domain from HTTP to HTTPS. It is delivered in the Strict-Transport-Security header, described in RFC 6797. Keep in mind that the HSTS policy is cached for the specified period, and during that time it is not possible to return to HTTP except by manually clearing the browser's security policies.
Set the max-age parameter to 900 first to check that the site works; if everything is in order, you can change it to a higher value.
Header set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" env=HTTPS
max-age - the period for which browsers cache the policy.
includeSubDomains - apply the policy to all subdomains.
preload - a parameter that guarantees the inclusion of the policy for the domain in supported browsers. It enables switching from HTTP to HTTPS before the site is loaded.
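
To check what a server actually sends at each stage of this rollout, the header value can be parsed the way RFC 6797 describes. The following is an added example, not part of the original page or of any project's code; rollout_findings is a hypothetical helper, and the one-year minimum it applies is the preload list's submission requirement, which the page does not state.

```python
import re

PRELOAD_MIN_AGE = 31536000  # one year in seconds (assumption: preload list minimum)

def parse_hsts(value):
    """Parse a Strict-Transport-Security value per RFC 6797 section 6.1.

    Returns a dict, or None when the header is invalid and would be ignored.
    """
    directives = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue  # empty directives between semicolons are allowed
        name, sep, val = part.partition("=")
        name, val = name.strip().lower(), val.strip()  # names are case-insensitive
        if len(val) >= 2 and val[0] == val[-1] == '"':
            val = val[1:-1]  # quoted-string form, e.g. max-age="900"
        if name in directives:
            return None  # a repeated directive invalidates the whole header
        directives[name] = val if sep else None
    max_age = directives.get("max-age")
    if max_age is None or not re.fullmatch(r"[0-9]+", max_age):
        return None  # max-age is required and must be whole seconds
    return {
        "max_age": int(max_age),
        "include_subdomains": "includesubdomains" in directives,
        "preload": "preload" in directives,
    }

def rollout_findings(value):
    """Return review notes for a header value (hypothetical helper)."""
    policy = parse_hsts(value)
    if policy is None:
        return ["invalid: browsers ignore this header"]
    notes = []
    if policy["max_age"] < PRELOAD_MIN_AGE:
        notes.append("max-age under one year (%d s): test stage" % policy["max_age"])
    if policy["preload"] and not (policy["include_subdomains"]
                                  and policy["max_age"] >= PRELOAD_MIN_AGE):
        notes.append("preload set without includeSubDomains and max-age >= 31536000")
    return notes

if __name__ == "__main__":
    # Constructed inputs: the test value and the full policy from the config line above.
    for header in ("max-age=900", "max-age=31536000; includeSubDomains; preload"):
        print(header, "->", parse_hsts(header), rollout_findings(header))
```
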