The HSTS standard at its root is to ensure clients always connect to a website over https. While this sounds like a very good idea and something that you might want. Caution needs to be taken as it might block HTTP access to certain pages that actually requires it or needs to be excluded from this.
This is all configured in a response header, and here are two examples:
When testing this, make sure to set a short max-date in case you make a mistake. When you have tested that it works as it should, you can increase the value to 1 year (max-age: 31536000) or 6 months (max-age: 15768000). Max-age is defined in seconds. As you can see, the difference between these examples is the includeSubDomaindirective which blocks all HTTP traffic in the domain, so confirm with your IT/security teams before using it.
There is also a possibility to send a preload directive, but there are further implications of doing that. Read more online before deciding to enable it, and again advise with all areas involved in your organization.
That all said, to enable this in Qlik Sense Enterprise on Windows is relatively simple. First, you need to enable 'Allow HTTP' in the proxy settings.
Next, you will want to choose the virtual proxy that you want the HSTS standard to be set on, and goto the 'Advanced' section of that specific virtual proxy. You will want to add the header: