HSTS: Force HTTPS and Prevent Downgrade Attacks
The Strict-Transport-Security (HSTS) header tells browsers to always use HTTPS for your domain, preventing protocol downgrade attacks.
Why This Matters
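Without HSTS, an attacker can intercept the initial HTTP request before the server redirects it to HTTPS. Once a browser has received the header over HTTPS, it upgrades later requests to that domain to HTTPS itself for max-age seconds, which closes this window of vulnerability.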
How to Fix
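Add Strict-Transport-Security: max-age=31536000; includeSubDomains to your server's response headers. Browsers ignore the header on plain HTTP responses, so it must be sent over HTTPS, and includeSubDomains applies the policy to every subdomain, so confirm each one serves HTTPS before enabling it.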