Check a Website
Enter a URL to run a scan and review relevant security signals.
What It Is
HSTS is a security header that tells browsers to always use HTTPS for a site.
Why It Matters
It helps prevent SSL stripping attacks and accidental HTTP usage.
How to Fix
- Serve your site over HTTPS.
- Add the Strict-Transport-Security header (start with a small max-age).
- Only enable includeSubDomains/preload when you're confident.