HSTS is HTTP Strict Transport Security, a mean to enforce using SSL even if the user access the site through HTTP and not HTTPS.
On install and activation the header is inserted into requests, but the setting page does allow one to set any attributes. Users can edit the PHP as a work around. Seems overkill to have a plugin for one security related header, would make sense to offer other headers affecting XSS and sniffing for example.
You must log in to submit a review. You can also log in or register using the form near the top of this page.