Do not include subtomains in STS header.

app/controllers/application_controller.rb

@@ -162,7 +162,7 @@ class ApplicationController < ActionController::Base
     headers['X-XSS-Protection'] = '1; mode=block'
     headers['X-UA-Compatible'] = 'IE=edge'
     headers['X-Content-Type-Options'] = 'nosniff'
-    headers['Strict-Transport-Security'] = 'max-age=31536000; includeSubDomains' if Gitlab.config.gitlab.https
+    headers['Strict-Transport-Security'] = 'max-age=31536000' if Gitlab.config.gitlab.https
   end
 
   def add_gon_variables