Headers | Critical Priority | Free

HSTS enabled

HTTP Strict Transport Security (HSTS) tells browsers to only access your site over HTTPS, preventing protocol downgrade attacks and cookie hijacking.

Why It Matters

Without HSTS, attackers can intercept the initial HTTP request before it redirects to HTTPS, enabling man-in-the-middle attacks. HSTS ensures browsers never make insecure requests to your domain.

How We Check

We verify that the Strict-Transport-Security header is present and check for a proper max-age value (minimum 1 year recommended), the includeSubDomains directive, and preload eligibility.

How to Fix

Add the header: Strict-Transport-Security: max-age=31536000; includeSubDomains; preload. When first rolling it out, start with a short max-age and gradually increase it. Consider submitting the domain to the HSTS preload list.
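
The header evaluation described under How We Check, written out in Python as an added example (not SecScanner's own code). It parses the value under the RFC 6797 syntax rules and also flags the short max-age used during a staged rollout; the function names and finding strings are assumptions made for illustration, and preload is judged on the header alone.

```python
import re

ONE_YEAR = 31536000  # the page's recommended minimum max-age, in seconds

def parse_hsts(value):
    """Parse a Strict-Transport-Security value into {directive: value}.
    Returns None when the header is invalid under RFC 6797 section 6.1
    (duplicate directive, missing or malformed max-age)."""
    directives = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue  # tolerate empty segments such as a trailing ";"
        name, _, arg = part.partition("=")
        name = name.strip().lower()  # directive names are case-insensitive
        arg = arg.strip()
        if len(arg) >= 2 and arg[0] == arg[-1] == '"':
            arg = arg[1:-1]  # values may be quoted strings
        if name in directives:
            return None  # each directive may appear only once
        directives[name] = arg
    if not re.fullmatch(r"[0-9]+", directives.get("max-age", "")):
        return None
    return directives

def assess_hsts(value):
    """Return a list of findings for a header value; an empty list is a pass."""
    if value is None:
        return ["header missing"]
    d = parse_hsts(value)
    if d is None:
        return ["header invalid: browsers will ignore it"]
    findings = []
    max_age = int(d["max-age"])
    if max_age == 0:
        findings.append("max-age=0 removes the HSTS policy")
    elif max_age < ONE_YEAR:
        findings.append("max-age below 1 year")
    if "includesubdomains" not in d:
        findings.append("includeSubDomains missing")
    if "preload" not in d:
        findings.append("preload missing")
    return findings

if __name__ == "__main__":
    # Constructed sample: a short max-age as used early in a staged rollout
    print(assess_hsts("max-age=300; includeSubDomains"))
```

Pass `None` for a response that carries no Strict-Transport-Security header at all.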
