The issue specifically is that we need to add a HSTS derivative for max-age and includeSubDomain. Specifically, our security department scans said that our Squarespace site (www.praxiseng.com) is not following HSTS security best practices because we do not include HSTS attributes to include "max-age=31536000; includeSubDomains;".