Hi,
Per searching, there is no exact HSTS in WinRM related information but only configuring WinRM for Https to encrypt the data being sent across the wire.
Not sure if this is kind of clues but would like to post some searching results here:
- HSTS is the great little response header that tells a browser to always use SSL/TLS to communicate with your site. It doesn't matter if the user, or a link they are clicking, specifies HTTP, HSTS will remove the ability for a compatible browser to use HTTP and will enforce the use of HTTPS.
https://scotthelme.co.uk/hsts-preloading/ - The WinRM protocol considers the channel to be encrypted if using TLS over HTTP (HTTPS) or using message level encryption. Using WinRM with TLS is the recommended option as it works with all authentication options, but requires a certificate to be created and used on the WinRM listener.
https://github.com/ansible/ansible/blob/devel/docs/docsite/rst/user_guide/windows_winrm.rst#winrm-encryption - By default WinRM uses Kerberos for authentication so Windows never sends the password to the system requesting validation.
https://video2.skills-academy.com/en-us/troubleshoot/windows-client/system-management-components/configure-winrm-for-https
Please note: Information posted in the given link is hosted by a third party. Microsoft does not guarantee the accuracy and effectiveness of information.
Hope this helps and please help to accept as Answer if the response is useful.
Thanks,
Jenny