HSTS Header Missing

HSTS tells browsers to use HTTPS only for your host and, optionally, its subdomains. Without it, users can be downgraded to HTTP on a first visit or on evil twin networks. Security scanners flag missing HSTS as high severity.

Start with a modest max-age, preload only when every subdomain serves TLS correctly, and use a staging hostname to test before prod. HeadersFixer shows whether your live site already emits HSTS and the exact snippet for your stack.
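The staged rollout described above can be checked mechanically before a policy goes to prod. The following is an added example, not HeadersFixer's code: it parses a Strict-Transport-Security value along the lines of RFC 6797 and reports findings. The function names are hypothetical, and the one-year threshold is the hstspreload.org submission minimum.

```python
import re

PRELOAD_MIN_AGE = 31536000  # one year, the hstspreload.org submission minimum


def parse_hsts(value):
    """Parse a Strict-Transport-Security value (RFC 6797, section 6.1).

    Returns a dict of lowercase directive name -> value (None for flags),
    or None when the header is malformed and should be treated as absent.
    """
    directives = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue  # the RFC grammar allows empty directives
        name, sep, val = part.partition("=")
        name = name.strip().lower()  # directive names are case-insensitive
        val = val.strip().strip('"') if sep else None  # value may be quoted
        if name in directives:
            return None  # each directive must appear only once
        directives[name] = val
    age = directives.get("max-age")
    if age is None or not re.fullmatch(r"[0-9]+", age):
        return None  # max-age is required and must be a non-negative integer
    directives["max-age"] = int(age)
    return directives


def assess(value):
    """Return a list of findings for one header value (None = header absent)."""
    if value is None:
        return ["missing: no HSTS header sent"]
    policy = parse_hsts(value)
    if policy is None:
        return ["invalid: malformed header"]
    findings = []
    age = policy["max-age"]
    if age == 0:
        findings.append("disabled: max-age=0 clears any stored policy")
    if "preload" in policy:
        if "includesubdomains" not in policy:
            findings.append("preload without includeSubDomains")
        if age < PRELOAD_MIN_AGE:
            findings.append("preload with max-age under one year")
    return findings or ["ok"]
```

A modest starting value such as `max-age=300` passes as "ok"; adding `preload` to it is flagged until includeSubDomains and a one-year max-age are in place.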
