I am implementing HSTS. The check on https://hstspreload.org/ tells me that it's all good but I serve the HSTS header over HTTP which is unnecessary.
Warning: Unnecessary HSTS header over HTTP The HTTP page at www.domain.com sends an HSTS header. This has no effect over HTTP, and should be removed.
Now, I don't see it as a big problem but the pedantic nature inside me wants to fix it. I saw this thread successfully resolving it but I want to ask how can I achieve this on my IIS. I am running an IIS on Windwos. Any help is reallly appreciated
[EDIT] Some people misunderstood my question so sorry about that. What hstspreload website suggests is that you should only serve the HSTS header over https:// and that it useless to serve it on http:// requests. So my question is **"How do I only serve the header on https:// and not on http:// requests. I have implemented the HSTS header through IIS web.config. **