diff --git a/src/Umbraco.Web/HealthCheck/Checks/Security/HstsCheck.cs b/src/Umbraco.Web/HealthCheck/Checks/Security/HstsCheck.cs
index 570dc493a9..cb82badc4a 100644
--- a/src/Umbraco.Web/HealthCheck/Checks/Security/HstsCheck.cs
+++ b/src/Umbraco.Web/HealthCheck/Checks/Security/HstsCheck.cs
@@ -11,9 +11,9 @@ namespace Umbraco.Web.HealthCheck.Checks.Security
     public class HstsCheck : BaseHttpHeaderCheck
     {
         // The check is mostly based on the instructions in the OWASP CheatSheet
-        // (https://www.owasp.org/index.php/HTTP_Strict_Transport_Security_Cheat_Sheet)
+        // (https://github.com/OWASP/CheatSheetSeries/blob/master/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.md)
         // and the blog post of Troy Hunt (https://www.troyhunt.com/understanding-http-strict-transport/)
-        // If you want do to it perfectly, you have to submit it https://hstspreload.appspot.com/,
+        // If you want do to it perfectly, you have to submit it https://hstspreload.org/,
         // but then you should include subdomains and I wouldn't suggest to do that for Umbraco-sites.
         public HstsCheck(IRuntimeState runtime, ILocalizedTextService textService)
             : base(runtime, textService, "Strict-Transport-Security", "max-age=10886400", "hSTS", true)