Skip to main content
SecScannerSecScanner
Security ChecksFree ToolsPricingBlog
Get Started
Sign InGet Started
All Security Checks
TLSLow PriorityFree

HSTS Preload Readiness

HSTS preload ensures browsers always use HTTPS for your domain by hardcoding it into browser source code via the HSTS preload list.

Why It Matters

Even with HSTS headers, the first visit to your site is vulnerable to downgrade attacks. Preloading eliminates this window by ensuring browsers never make an HTTP request to your domain.

How We Check

We verify the HSTS header has max-age of at least 31536000 (1 year), includes the 'includeSubDomains' directive, and has the 'preload' directive for preload list eligibility.

How to Fix

Set the HSTS header to: 'Strict-Transport-Security: max-age=31536000; includeSubDomains; preload'. Then submit your domain at hstspreload.org. Ensure all subdomains support HTTPS first.

Related Security Checks

Headers

HSTS enabled

TLS

HTTPS enabled

TLS

HTTP to HTTPS Redirect

Check Your Website Now

Run a free security scan to check for HSTS Preload Readiness issues and 58+ other security vulnerabilities.

Scan Your Website Free

Product

  • Security Checks
  • Free Tools
  • SSL Checker
  • Vulnerability Scanner
  • Email Security
  • Pricing
  • Compliance
  • Security Reports

Popular Checks

  • CSP Check
  • HSTS Check
  • TLS Version Check
  • SSL Expiry Check
  • SPF/DKIM/DMARC Check
  • Cookie Security Check
  • JS Vulnerability Scan
  • OCSP Stapling Check

Resources

  • Blog
  • Glossary
  • Contact

Legal

  • Terms of Use
  • Privacy Policy
  • Refund Policy
  • Cookie Policy

© 2025-2026 SecScanner. All rights reserved.