This repository has been archived by the owner on Feb 21, 2019. It is now read-only.
I am attempting to use flask-sslify==0.1.5 on Heroku with expeditedSSL. I have tried default, and other settings, such as sslify = SSLify(app, age=31536000, permanent=True, subdomains=True). However, each scan gives the same indication that HSTS is not fully working. It was working fine for another site until I upgraded to 0.1.5, and then when I did the earlier version 0.1.3 that had been working. Now, none of the versions are getting an A+ scan.
Any thoughts?
Thanks,
Glen
Site uses HSTS
HTTP Strict Transport Security (HSTS) is a HTTP response header that is set on your web application server. Supporting browsers read the header which contains an expiration max-age value and will NOT reconnect on a plain HTTP connection until the max-age value is exceeded. HSTS prevents a variety of attacks where an intermediary could disrupt or spoof connections.
You'll need to implement this in your application.
@glencarl see issue #43. The issue you're having is due to the HSTS flag: Strict-Transport-Security not being sent in the header. Therefore there is no HSTS security in v0.1.5 as opposed to just an issue with the scanner you're using.