HTTP Strict Transport Security
HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using secure connections only (such as HTTPS).
Ryan Lackey commented
Yeah, this is really easy to add: just add " Header set Strict-Transport-Security "max-age=500"
Header append Strict-Transport-Security includeSubDomains" headers. I'm tempted to do it myself outside the web config UI.