As Mozilla developer documentation says
HTTP Strict Transport Security (often abbreviated as HSTS) is a security feature that lets a web site tell browsers that it should only be communicated with using HTTPS, instead of using HTTP.
How to tell browsers to use HTTPS for a domain?
Tricky, user has to visit the site(domain) in https for the browser to know to use only https going forward. Strict-Transport-Security response header over https indicates the browser to use https only for further requests.
Strict-Transport-Security: max-age=expireTime [; includeSubDomains] [; preload]
max-age: The time, in seconds, that the browser should remember that this site is only to be accessed using HTTPS
includeSubDomains: it affects sub-domains as well
preload: should this domain be added to preload list.
preload is not part of the specification but it's needed to tell browsers(Chrome, Safari & Firebox) to include the domain as part of preload list.
Once a domain is added to preload list, browsers redirect to https for the domain without the user ever visited the domain.
How to add a domain to preload list?
Go to hstspreload submission site. It stipulates certain requirements to be met for a domain to be submitted for inclusion. Once verified it goes to pending submission state.
Once HSTS in effect for a domain, browser does blind 307 redirection to https to http, without even the request hitting the server.Below is network capture from Chrome browser for this domain iavian.com