HSTS stands for HTTP Strict Transport Security. It defines an HTTP header read while using HTTPS schemes (ignored in plain-text HTTP), that instructs the browser to prefer using an encrypted HTTPS over HTTP, helping protect against HTTPS downgrade attacks.
The following Apache configuration snippet requires mod_headers to be installed and loaded:
Header set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" env=HTTPS