HSTS (Strict-Transport-Security)

This header tells web browsers that they should only use HTTPS connections to view this website.

Websites should use encrypted SSL/TLS connections and should set the Strict-Transport-Security header to an appropriate value to instruct the browser to always use HTTPS connections.

This test will check for the existence of this header and will look for a value at least as good as this:

Strict-Transport-Security: max-age=63072000; includeSubDomains; preload

If any of the directives are missing, or if the max-age is too low, then a warning will be displayed.
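
The check described above, written out in Python as an added example (it is not this site's own test code). The function names and sample header sets are assumptions made for illustration; the baseline value is the one quoted above.

```python
# Added example: compare a response's Strict-Transport-Security header with
# the baseline quoted on this page. Function names are hypothetical.
BASELINE_MAX_AGE = 63072000  # seconds, taken from the baseline header above
REQUIRED_FLAGS = ("includeSubDomains", "preload")


def parse_hsts(value):
    """Split a header value into {directive-name: argument-or-None}."""
    directives = {}
    for part in value.split(";"):
        name, sep, arg = part.strip().partition("=")
        name = name.strip().lower()          # directive names are case-insensitive
        if name and name not in directives:  # keep the first occurrence only
            directives[name] = arg.strip().strip('"') if sep else None
    return directives


def check_hsts(headers):
    """Return a list of warnings; an empty list means the baseline is met."""
    value = next((v for k, v in headers.items()
                  if k.lower() == "strict-transport-security"), None)
    if value is None:
        return ["header missing"]
    directives = parse_hsts(value)
    warnings = []
    age = directives.get("max-age")
    if age is None or not (age.isascii() and age.isdigit()):
        warnings.append("max-age missing or invalid")
    elif int(age) < BASELINE_MAX_AGE:
        warnings.append(f"max-age too low: {age}")
    for flag in REQUIRED_FLAGS:
        if flag.lower() not in directives:
            warnings.append(f"{flag} missing")
    return warnings


if __name__ == "__main__":
    # Constructed sample responses, not captured from any real site.
    samples = [
        {"Strict-Transport-Security": "max-age=63072000; includeSubDomains; preload"},
        {"strict-transport-security": "max-age=31536000; includeSubDomains"},
        {"Content-Type": "text/html"},
    ]
    for headers in samples:
        print(headers, "->", check_hsts(headers) or "OK")
```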

For more information, please read our documentation of the Strict-Transport-Security Header or read our in-depth article about Security Headers.
