From a8702c5c0a70ac96f5360c66a2dd103f2f7709ab Mon Sep 17 00:00:00 2001
From: Nicholas McDonnell <50747025+mcdonnnj@users.noreply.github.com>
Date: Thu, 15 Aug 2019 16:40:40 -0400
Subject: [PATCH 1/3] Changed is_hsts() function to check both https endpoints.

If an https endpoint is live then its HSTS status is used to determine the domain's HSTS status.
---
 pshtt/pshtt.py | 18 +++++++++++-------
 1 file changed, 11 insertions(+), 7 deletions(-)

diff --git a/pshtt/pshtt.py b/pshtt/pshtt.py
index a16debcb..06e19067 100644
--- a/pshtt/pshtt.py
+++ b/pshtt/pshtt.py
@@ -1199,16 +1199,20 @@ def is_missing_intermediate_cert(domain):
 
 def is_hsts(domain):
 """
- Domain has HSTS if its canonical HTTPS endpoint has HSTS.
+ Domain has HSTS if both https and httpswww endpoints have HSTS when live.
 """
- canonical, https, httpswww = domain.canonical, domain.https, domain.httpswww
+ https, httpswww = domain.https, domain.httpswww
 
- if canonical.host == "www":
- canonical_https = httpswww
- else:
- canonical_https = https
+ if not https.live and not httpswww.live:
+ return False
+
+ hsts = True
+ if https.live:
+ hsts &= https.hsts
+ if httpswww.live:
+ hsts &= httpswww.hsts
 
- return canonical_https.hsts
+ return hsts
 
 
 def hsts_header(domain):

From 7f113b8e4960d17e69458f7c7bdc722b8dc612f6 Mon Sep 17 00:00:00 2001
From: Nicholas McDonnell <50747025+mcdonnnj@users.noreply.github.com>
Date: Thu, 15 Aug 2019 16:58:12 -0400
Subject: [PATCH 2/3] If neither https endpoint is live a value of 'None' is expected.

---
 pshtt/pshtt.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pshtt/pshtt.py b/pshtt/pshtt.py
index 06e19067..a7985d15 100644
--- a/pshtt/pshtt.py
+++ b/pshtt/pshtt.py
@@ -1204,7 +1204,7 @@ def is_hsts(domain):
 https, httpswww = domain.https, domain.httpswww
 
 if not https.live and not httpswww.live:
- return False
+ return None
 
 hsts = True
 if https.live:

From 001d14e41e2a1624afa52c112ae9113e506a3778 Mon Sep 17 00:00:00 2001
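Review bot: Returning None here makes is_hsts() tri-state, while the docstring a few lines above the hunk (the function's `def` and docstring start outside it) still reads as a plain yes/no property, so a caller that tests `is_hsts(domain) == False` or writes the value straight into a report now sees a third value with no stated meaning. I would extend the docstring with `Returns None when neither HTTPS endpoint is live; callers must treat None as "unknown", not as False.` Patch 3/3 on this page widens None further (no live endpoint with a known hsts value), so the same sentence should cover that case, and any consumer that counts HSTS failures should be checked for whether it scores None as a failure or leaves it unscored — those callers are not visible from here.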
From: Eric Chudow <43938810+echudow@users.noreply.github.com>
Date: Tue, 20 Aug 2019 09:08:12 -0400
Subject: [PATCH 3/3] Handle None in is_hsts()

The hsts values for any endpoint can be None, so the code needs to gracefully handle when it is None by viewing it as Unknown and only using the other actual values instead.
---
 pshtt/pshtt.py | 13 ++++++++-----
 1 file changed, 8 insertions(+), 5 deletions(-)

diff --git a/pshtt/pshtt.py b/pshtt/pshtt.py
index a7985d15..71b82e16 100644
--- a/pshtt/pshtt.py
+++ b/pshtt/pshtt.py
@@ -1206,11 +1206,14 @@ def is_hsts(domain):
 if not https.live and not httpswww.live:
 return None
 
- hsts = True
- if https.live:
- hsts &= https.hsts
- if httpswww.live:
- hsts &= httpswww.hsts
+ hsts = None
+ if https.live and (https.hsts is not None):
+ hsts = https.hsts
+ if httpswww.live and (httpswww.hsts is not None):
+ if hsts is None:
+ hsts = httpswww.hsts
+ else:
+ hsts &= httpswww.hsts
 
 return hsts
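Review bot: The new logic drops a live endpoint whose `hsts` is None from the conjunction, so a domain with one live endpoint reporting HSTS=True and the other live but undetermined is reported as True; that is the optimistic reading for a compliance scan and worth stating in the docstring, which sits outside this hunk together with the `def is_hsts` line, e.g. `A live endpoint whose hsts value is None is treated as unknown and ignored; the result is None only when no live endpoint reports a known value.` The nested `if hsts is None: ... else: hsts &= ...` can be one line, `hsts = httpswww.hsts if hsts is None else (hsts and httpswww.hsts)`, and the parentheses around both `is not None` tests are redundant. Using `and` rather than `&=` only assumes the values are truthy/falsy, whereas `&=` also assumes they are bool or int, which the hunk does not let me confirm.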