In bl.ink URL redirection service, as of 2022-07-07 an improperly formatted security header exists in the HSTS support, specifically the header served is "strict-transport-security: max-age=63072000; includeSubdomains;" which contains an extra semicolon (the final one is not needed), this may result in some client ignoring the HSTS header and thus rendering this security protection ineffective. As of 2022-07-08 this issue was corrected with the headers now displaying " strict-transport-security: max-age=63072000; includeSubdomains; preload"