security · security.strict-transport-security.missing
Missing HSTS header
HSTS (HTTP Strict Transport Security) is a response header that forces browsers to upgrade HTTP requests to HTTPS automatically, preventing downgrade attacks.
Why it matters
Without HSTS, a man-in-the-middle attacker can strip TLS from the very first request.
Example fix
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
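The following Python check is an added example, not code from the audit tool this page belongs to: it parses the header shown above and reports a missing, invalid or weak policy. The function names are hypothetical, and the one-year threshold is an assumption taken from the max-age in the example fix.

```python
ONE_YEAR = 31536000  # assumption: threshold taken from the page's example fix


def parse_hsts(value):
    """Parse an HSTS value into {directive: value-or-None}.
    Names are case-insensitive; a repeated directive is invalid (RFC 6797)."""
    directives = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        name, _, arg = part.partition("=")
        name = name.strip().lower()
        if name in directives:
            raise ValueError(f"duplicate directive: {name}")
        directives[name] = arg.strip().strip('"') if arg else None
    return directives


def audit_hsts(scheme, headers):
    """Return a list of findings for one response (empty list = pass)."""
    if scheme != "https":
        # Browsers ignore HSTS delivered over plain HTTP.
        return ["response served over HTTP; browsers ignore HSTS here"]
    # Header names are case-insensitive, so normalise before lookup.
    lowered = {k.lower(): v for k, v in headers.items()}
    value = lowered.get("strict-transport-security")
    if value is None:
        return ["missing Strict-Transport-Security header"]
    try:
        d = parse_hsts(value)
    except ValueError as exc:
        return [f"invalid header: {exc}"]
    max_age = d.get("max-age")
    if max_age is None or not (max_age.isascii() and max_age.isdigit()):
        return ["max-age is required and must be a non-negative integer"]
    findings = []
    if int(max_age) == 0:
        findings.append("max-age=0 removes the host from the browser's HSTS list")
    elif int(max_age) < ONE_YEAR:
        findings.append(f"max-age {max_age} is below {ONE_YEAR} (one year)")
    if "includesubdomains" not in d:
        findings.append("includeSubDomains not set; subdomains stay unprotected")
    # Preload list submission requires all three directives together.
    if "preload" in d and (int(max_age) < ONE_YEAR or "includesubdomains" not in d):
        findings.append("preload needs max-age >= one year and includeSubDomains")
    return findings
```

Run it against the response to an HTTPS request for each host you serve; a header that appears only on the HTTP redirect does nothing.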
Authoritative reference
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security