HTTP Strict Transport Security (HSTS) is a standardized security mechanism with which Nextcloud informs the user's browser to only allow encrypted connections for this domain for a defined period of time (at least half a year) in the future.

As this is a measure that influences the browser behavior of the Nextcloud user, we deliver Nextcloud without this option. We can activate HSTS on request and set the desired time period.