Hi, @Joe! Great question. Osquery itself only communicates using https and doesn't interact with the browser directly, so it wouldn't apply on that end. This has definitely sparked conversation with the team about applying HSTS by default to Fleet itself. Please let me know if that doesn't clear things up for you!