Non-Authoritative-Reason header field [HTTP]

Question

I\'m having difficulty finding out what it means when I have the response header Non-Authoritative-Reason : HSTS

I have searched a lot but just came up

Answer 1

Some additional info to BazzaDP's answer...

The Non-Authoritative-Reason : HSTS returned in the response is not something you have configured, but rather Chrome itself. Since Chrome hijacks the request, Chrome will also add this particular header to tell HSTS is enabled. Looking at the network tab, you will see the fake 307 response with this header set.

All this is done since you included the Strict-Transport-Security header on your server.

If you want to go all in, here's the HSTS preload list