HTTP Strict Transport Security (HSTS) tells browsers that they should only ever connect to your website via HTTPS. This tool verifies if the header is present and configured correctly to prevent protocol downgrade attacks.
Ready to scan...
Users might inadvertently connect via HTTP first, allowing attackers to intercept the connection before it switches to HTTPS.
This flag ensures that HSTS protection applies to all subdomains (e.g., blog.yoursite.com) as well as the main domain.