HSTS (Strict-Transport-Security)

This tells web browsers that it should only use HTTPS connections to view this website.

Websites should use encrypted SSL connections and should set the Strict-Transport-Security Header to an appropriate value to instruct the browser to always use https connections.

This test will check for the existence of this header and will look for a value at least as good as this:

Strict-Transport-Security: max-age=63072000; includeSubDomains; preload

If any of the directives are missing, or if the max-age is too low, then a warning will be displayed.

For more information, please read our documentation of the Strict-Transport-Security Header.