HSTS (HTTP Strict Transport Security) Test


Verify if HSTS is enabled and the browser preloads content only through HTTPS.

Twitter Icon
Facebook Icon
LinkedIn Icon
Whatsapp Icon

HSTS TestIcon


  • Browser icon

    IP Address

  • Report icon

    Test Time

  • Thu, (GMT 00:00)


Couldn't find the HSTS header in the response headers.



About HSTS

HSTS (HTTP Strict Transport Security) helps to protect from protocol downgrade attacks and cookie hijacking.

HSTS is a security policy one can inject into the response header by implementing it in web servers, network devices, and CDN. This instructs the browser to load website content only through a secure connection (HTTPS) for a defined duration.

As you can guess, your website must be accessible over HTTPS to take advantage of HSTS. You can refer to this guide to implement HSTS in Apache,Nginx, and Cloudflare.

Once implemented, you can head back to our tool to verify HSTS.

FAQs - Frequently Asked Questions

How does HSTS work?

HTTP Strict Transport Security (HSTS) is a crucial security feature. It instructs your browser to always use the secure HTTPS connection, even if you type the URL with HTTP. This encryption shields your data from prying eyes, safeguarding your privacy. Here's how it works:

When you visit an HSTS-enabled website, the server sends a special header to your browser. The header tells your browser to always use HTTPS for that site in the future. Your browser remembers this instruction and ensures secure connections automatically. HSTS defends against attacks like man-in-the-middle and protocol downgrades. To enhance your security and privacy online, look for websites with HSTS enabled. Stay safe while browsing!

Does HSTS impact website performance?

To be accurate, Yes!! There's a considerable amount of impact on the performance of the website. But according to the professional community, it isn't vital! There's also a highlight that is not ignorable: it can improve performance by reducing redirects using efficient encryption methods. The above discussion concludes that website owners should implement HSTS to enhance security without worrying about performance.

What information does an online HSTS tool provide about a website's HSTS configuration?

Our online HSTS Test Tool will be beneficial as an observer. It will help you check if a website uses HSTS or not! With this tool, you will be able to spot directives like **max-age (**Duration in seconds to request a site over HTTPS automatically),the expiration date of the security policy, whether it includessubdomains , and if the website qualifies for a special " preload" list. It's handy for website owners and users to ensure secure browsing.

What steps should I take if I encounter HSTS-related issues on my website?

The error might be of any kind or might be of any type. Therefore, I would suggest three ways to get above it.

  • You can check your SSL certificate
  • Try a different browser
  • Delete the HSTS cache

If errors persist, contact your hosting provider to get their hands on it.

More tools for your Website

Make sure your website is in top shape with Domsignal - explore the suite of performance, SEO and security metrics testing tools now!

Enterprise-readyAPIsfor businesses of all sizes.

Latest Articles

Browse All Articles

Power Your Business



Web scraping, residential proxy, proxy manager, web unlocker, search engine crawler, and all you need to collect web data.

Try Now


Managed WordPress hosting that prioritizes your business and reputation by providing topnotch service

Try Now


Cloud Computing Platform for small to enterprise to host web applications, complex apps, mobile apps, and more.

Try Now


Semrush is an all-in-one digital marketing solution with more than 50 tools in SEO, social media, and content marketing.

Try Now