HSTS (HTTP Strict Transport Security)
HSTS is a security header that tells browsers to only interact with your site using secure HTTPS connections.
In plain English
A setting that tells browsers “always use the secure (HTTPS) version of this site,” so even if someone types http:// or clicks an old link, they get the encrypted version.
HSTS (HTTP Strict Transport Security) protects users against man-in-the-middle attacks such as SSL stripping. Once a browser receives this header over HTTPS, it automatically upgrades all future HTTP requests to that domain to HTTPS until the max-age period expires, even if the user manually types 'http://'.
Setting HSTS is a powerful step in securing your domain's communications. You can check for HSTS implementation using our HTTP header auditor.
Examples & Usage
Standard HSTS Header
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
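An added example (not code from this page or its header auditor): a small Python checker that parses a Strict-Transport-Security value following the rules in RFC 6797 and reports weak settings. The function names, the finding messages and the one-year threshold (taken from the header above) are assumptions of this example.

```python
import re

ONE_YEAR = 31536000  # assumption: threshold taken from the page's example header

def parse_hsts(value):
    """Parse a Strict-Transport-Security value into a dict, or return None
    when a browser following RFC 6797 would ignore the whole header."""
    directives = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue                      # empty directives (trailing ';') are allowed
        name, sep, arg = part.partition("=")
        name = name.strip().lower()       # directive names are case-insensitive
        arg = arg.strip()
        if len(arg) >= 2 and arg[0] == arg[-1] == '"':
            arg = arg[1:-1]               # a value may be written as a quoted string
        if name in directives:
            return None                   # each directive may appear only once
        directives[name] = arg if sep else True
    age = directives.get("max-age")
    if not isinstance(age, str) or not re.fullmatch(r"[0-9]+", age):
        return None                       # max-age is required and must be digits
    directives["max-age"] = int(age)
    return directives

def audit_hsts(value, scheme="https"):
    """Return a list of findings for the HSTS header of one response."""
    if scheme != "https":
        return ["header sent over plain HTTP is ignored by browsers"]
    policy = parse_hsts(value)
    if policy is None:
        return ["header is malformed and will be ignored"]
    findings = []
    subdomains = "includesubdomains" in policy
    if policy["max-age"] == 0:
        findings.append("max-age=0 tells the browser to drop its HSTS entry")
    elif policy["max-age"] < ONE_YEAR:
        findings.append("max-age is shorter than one year")
    if not subdomains:
        findings.append("subdomains are not covered")
    # hstspreload.org asks for at least one year plus includeSubDomains
    if "preload" in policy and (policy["max-age"] < ONE_YEAR or not subdomains):
        findings.append("preload is set but preload-list requirements are not met")
    return findings
```

Calling `audit_hsts` on the header shown above returns an empty list; a shorter `max-age` or a missing `includeSubDomains` each adds a finding.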
