Does the Web API force using an encrypted connection using HSTS?

When contacting the API we want to be sure that the connections are secure, does Alloy enforce an encrypted connection end to end when making web requests from the web client or other products?

Yes, Alloy supports HSTS by implementing Strict-Transport-Security headers correctly, more info here: Strict-Transport-Security - HTTP | MDN