seo site checkup logo
PricingFree ToolsArticles

HSTS Test

What is it?

This test will check if your webpage is using the Strict-Transport-Security header.

Pass rate:

  • Top 100 websites: 82%
  • All websites: 32%
Pass rates of Top 100 US websites
2021

N/A

2022

85%

2023

82%

100

75

50

25

0

How do I fix it ?

HSTS stands for HTTP Strict Transport Security and it's a security header that was created as a way to force the browser to use secure connections when a site is running over HTTPS.

When a user connects to a site using HTTPS, the website then encrypts the session with a secure sockets layer (SSL) certificate. One of the flaws associated with HTTPS is that it isn't entirely hack-proof: it leaves your site open to SSL stripping. This often occurs with 301 redirects if a website relies on 301 redirects for switching from HTTP to HTTPS. While this doesn't seem like a big deal, it's those few milliseconds in between you really need to worry about because it leaves the site vulnerable to hackers who try to strip down your SSL certificate. The solution for this issue is to add a Strict Transport Security response header.

An HSTS enabled server can include the following header in an HTTPS reply:

Strict-Transport-Security: max-age=16070400; includeSubDomains
Check your website's SEO for free right now!

seo site checkup logo
Website SEO, Monitoring & Automation Made Easy.
Product
  • Pricing
  • Free Tools
  • Articles
  • Login
  • Free 7-Day Trial
© SEO Site Checkup 2020-2024 • All rights reserved