HSTS Test

What is it?

This test will check if your webpage is using the Strict-Transport-Security header.

Pass rate:

  • Top 100 websites: 82%
  • All websites: 31%

Pass rates of Top 100 US websites:

  • 2021: N/A
  • 2022: 85%
  • 2023: 82%

How do I fix it?

HSTS stands for HTTP Strict Transport Security and it's a security header that was created as a way to force the browser to use secure connections when a site is running over HTTPS.

When a user connects to a site using HTTPS, the session is encrypted using the site's SSL/TLS certificate. HTTPS on its own still leaves a gap: it leaves your site open to SSL stripping. This often occurs when a website relies on 301 redirects to switch from HTTP to HTTPS. The first request goes out over plain HTTP, and while the redirect takes only a few milliseconds, that interval is the one to worry about: an attacker positioned on the network can intercept the unencrypted request and keep the visitor on HTTP instead of letting the connection upgrade to HTTPS. The solution for this issue is to add a Strict-Transport-Security response header.

An HSTS-enabled server can include the following header in an HTTPS reply:

Strict-Transport-Security: max-age=16070400; includeSubDomains
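
A header check of the kind this test performs, as an added example (not SEO Site Checkup's own code): it parses the header value following RFC 6797 and reports why a response would fail. The function names and the 180-day MIN_MAX_AGE floor are assumptions made for illustration.

```python
# Added example; parse_hsts, audit and MIN_MAX_AGE are illustrative names.
MIN_MAX_AGE = 15552000  # assumed policy floor (180 days), not from the page


def parse_hsts(value):
    """Parse a Strict-Transport-Security value; return None if invalid.

    RFC 6797 section 6.1: directives are ';'-separated, names are
    case-insensitive, each may appear only once, max-age is required.
    """
    directives = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue  # empty directives (trailing ';') are allowed
        name, _, arg = part.partition("=")
        name = name.strip().lower()
        if name in directives:
            return None  # repeated directive invalidates the header
        directives[name] = arg.strip().strip('"')  # value may be quoted
    max_age = directives.get("max-age", "")
    if not (max_age.isascii() and max_age.isdigit()):
        return None  # missing or non-numeric max-age
    return {"max_age": int(max_age),
            "include_subdomains": "includesubdomains" in directives}


def audit(scheme, header_value):
    """Return findings for one response; an empty list means pass."""
    if header_value is None:
        return ["header missing"]
    if scheme != "https":
        return ["header sent over HTTP is ignored by browsers"]
    policy = parse_hsts(header_value)
    if policy is None:
        return ["header is malformed and will be ignored"]
    findings = []
    if policy["max_age"] == 0:
        findings.append("max-age=0 removes the HSTS policy")
    elif policy["max_age"] < MIN_MAX_AGE:
        findings.append("max-age below policy floor")
    if not policy["include_subdomains"]:
        findings.append("subdomains not covered")
    return findings


if __name__ == "__main__":
    # Header value shown on the page, as received over HTTPS.
    print(audit("https", "max-age=16070400; includeSubDomains"))
```

A header that is present but malformed, or that is only served on the HTTP side of the redirect, gives no protection, which is why the check looks past the header's mere presence.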
© SEO Site Checkup 2020-2024 • All rights reserved