What is HSTS? It stands for HTTP Strict Transport Security. Simply put, HSTS is a mechanism that lets the browser itself do the HTTP-to-HTTPS redirect.
Why use HSTS? Security! As explained above, the HTTP traffic stays inside the machine, which reduces the risk of exposing sensitive information in plain text to the Internet.
To enable HSTS in Akamai, two things need to be done.
First, enable the HTTP-to-HTTPS redirect.
Second, modify the outgoing response to add the Strict-Transport-Security header, and set its max-age=2592000. max-age is counted in seconds, so 2592000 is 30 days. One year (365 days) would be 31536000 (the longer the safer).
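To check the header value after the change, here is an added example (not from the original post or from Akamai): a small Python checker that parses a Strict-Transport-Security value following RFC 6797 and flags values a browser would ignore. The function names, status strings and the 30-day minimum are assumptions for illustration, and the sample values in the comments are constructed.

```python
import re

# HTTP "token" characters, used for HSTS directive names.
_TOKEN = re.compile(r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+")

def parse_hsts(value):
    """Parse a Strict-Transport-Security value (RFC 6797, section 6.1).
    Returns a dict, or None when a browser would ignore the header."""
    directives = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue                      # empty directives are permitted
        name, sep, val = part.partition("=")
        name = name.strip().lower()       # directive names are case-insensitive
        val = val.strip()
        if not _TOKEN.fullmatch(name) or name in directives:
            return None                   # malformed or duplicated directive
        if len(val) >= 2 and val[0] == val[-1] == '"':
            val = val[1:-1]               # quoted form, e.g. max-age="2592000"
        directives[name] = val if sep else True
    max_age = directives.get("max-age")
    if not isinstance(max_age, str) or not re.fullmatch(r"[0-9]+", max_age):
        return None                       # max-age is required, in whole seconds
    return {"max_age": int(max_age),
            "include_subdomains": "includesubdomains" in directives}

def audit(scheme, value, min_days=30):
    """Classify one response header; min_days=30 is an assumed threshold."""
    if scheme != "https":
        return "ignored-over-http"        # browsers only honor HSTS received over TLS
    policy = parse_hsts(value)
    if policy is None:
        return "invalid"
    if policy["max_age"] == 0:
        return "policy-removed"           # max-age=0 deletes the browser's HSTS entry
    days = policy["max_age"] // 86400     # 86400 seconds per day
    return "ok" if days >= min_days else "too-short"

if __name__ == "__main__":
    # Constructed sample values; 2592000 is the max-age used in the article.
    for scheme, value in [("https", "max-age=2592000"),
                          ("http", "max-age=2592000"),
                          ("https", "max-age=2592000; max-age=0"),
                          ("https", "max-age=86400")]:
        print(f"{scheme:5} {value!r:32} -> {audit(scheme, value)}")
```

The "ignored-over-http" case is why the redirect in the first step matters: the header only takes effect once the browser has reached the site over HTTPS.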
Let’s see the difference:
Before the change, the redirect code is 301.
After the change, the redirect code is 307. What does 307 mean?
In my example, I use Chrome. Chrome does a fake 307 redirect: the browser generates it itself, so the HTTP request stays inside the machine. To delete the HSTS setting for the site, you can go to chrome://net-internals/#hsts.