SiteTraceKit Glossary

What is HSTS?

HSTS stands for HTTP Strict Transport Security (RFC 6797). It is a response header that tells a browser to use only HTTPS for a host for a stated period, once the browser has received the header over a valid HTTPS connection. Its purpose is to stop plain HTTP from being used for a site the browser already knows to be HTTPS.

Short definition

The Strict-Transport-Security header tells supporting browsers to use HTTPS only for the sending host for the number of seconds given in max-age. While the policy is in force, http:// URLs for that host are rewritten to https:// before any request leaves the browser, and certificate errors for that host can no longer be clicked through.

Simple example

Strict-Transport-Security: max-age=31536000; includeSubDomains

Why it matters for website checks

For sites that rely on HTTPS, HSTS removes the plain-HTTP request that would otherwise precede an HTTP-to-HTTPS redirect, which is the step an on-path attacker can intercept to strip TLS. The protection covers return visits within max-age; the very first visit, and the first visit after the policy has expired, still depends on a working redirect (or on the site being in a browser preload list).

Limits

HSTS does not replace a valid certificate, a working HTTP-to-HTTPS redirect or careful subdomain planning. Browsers only record the policy when it arrives over HTTPS with a certificate that validates, so the first visit is unprotected. Once recorded, the policy is enforced for the full max-age: an expired certificate becomes a hard, non-bypassable error, and an includeSubDomains policy with a long max-age can make HTTP-only subdomains unreachable for returning visitors. Rolling back means serving max-age=0 over HTTPS and waiting for clients to revisit; a recorded policy cannot be revoked remotely.

What does this mean for website owners?

Treat the header as a starting point for manual review, not as a verdict. The website’s purpose, technical environment and actual configuration (certificate validity, redirects, which subdomains exist) provide the necessary context.

Security Header Checker - Review common browser security headers such as HSTS, CSP, Referrer-Policy and X-Content-Type-Options.

FAQ

Should every domain use includeSubDomains?

Only when every subdomain that browsers may be sent to, including development, staging and internal hosts, already serves valid HTTPS. The directive is enforced for the full max-age on every client that has seen it, so an HTTP-only subdomain becomes unreachable for those clients until the policy expires or is lowered. Note also that includeSubDomains only covers hosts below the one that served the header: a header on www.example.com does not cover example.com or its other subdomains.
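The following is a worked example added to this glossary entry, not SiteTraceKit's own checker code. It models how a browser treats the header shown under "Simple example" and answers the includeSubDomains question above in code: parsing the directive syntax from RFC 6797, recording a policy only when it arrived over valid HTTPS, deciding which hosts a stored policy covers, and a small review function of the kind a header checker might run. The one-year threshold, the finding strings and the hostnames are the editor's choices for illustration; the preload requirements quoted are those published by hstspreload.org.

```python
from typing import List, NamedTuple, Optional

# Threshold chosen for this example; it matches the page's max-age=31536000
# and the minimum hstspreload.org accepts for preload submission.
ONE_YEAR = 31536000


class HstsPolicy(NamedTuple):
    max_age: int
    include_subdomains: bool
    preload: bool


def parse_hsts(header: str) -> Optional[HstsPolicy]:
    """Parse a Strict-Transport-Security header value.

    Follows RFC 6797: directives are separated by ';', names are
    case-insensitive, max-age is required and may be quoted, each directive
    may appear at most once, and unknown directives are ignored. Returns None
    when the value is malformed, because browsers ignore such a header.
    """
    max_age: Optional[int] = None
    include_subdomains = preload = False
    seen = set()
    for raw in header.split(";"):
        directive = raw.strip()
        if not directive:
            continue  # tolerate a trailing ';'
        name, _, value = directive.partition("=")
        name = name.strip().lower()
        if name in seen:
            return None  # duplicate directive -> whole header is ignored
        seen.add(name)
        if name == "max-age":
            value = value.strip().strip('"')  # max-age="600" is legal
            if not value.isdigit():
                return None
            max_age = int(value)
        elif name == "includesubdomains":
            include_subdomains = True
        elif name == "preload":
            preload = True
        # any other directive name is skipped, as RFC 6797 requires
    if max_age is None:
        return None
    return HstsPolicy(max_age, include_subdomains, preload)


def received_policy(scheme: str, cert_valid: bool,
                    header: Optional[str]) -> Optional[HstsPolicy]:
    """Return the policy a browser would store for this response.

    A browser notes HSTS only from a response fetched over HTTPS with no
    certificate errors; over plain HTTP, or with a bad certificate, the
    header is discarded. This is why the first visit is unprotected.
    """
    if scheme != "https" or not cert_valid or header is None:
        return None
    return parse_hsts(header)


def hsts_applies(policy_host: str, policy: HstsPolicy, target_host: str) -> bool:
    """Does a policy stored for policy_host govern a request to target_host?

    The exact host is always covered; subdomains only with includeSubDomains.
    max-age=0 tells the browser to forget the host, so it covers nothing.
    """
    if policy.max_age == 0:
        return False
    target = target_host.lower().rstrip(".")
    known = policy_host.lower().rstrip(".")
    if target == known:
        return True
    return policy.include_subdomains and target.endswith("." + known)


def review(header: Optional[str]) -> List[str]:
    """Findings a header checker might report for one HSTS value."""
    if header is None:
        return ["no Strict-Transport-Security header"]
    policy = parse_hsts(header)
    if policy is None:
        return ["malformed header; browsers will ignore it"]
    findings = []
    if policy.max_age == 0:
        findings.append("max-age=0 clears the policy rather than setting one")
    elif policy.max_age < ONE_YEAR:
        findings.append(f"max-age {policy.max_age} is below one year; "
                        "returning clients are protected only for that long")
    if policy.preload and (not policy.include_subdomains
                           or policy.max_age < ONE_YEAR):
        findings.append("preload requires includeSubDomains and "
                        "max-age of at least one year (hstspreload.org)")
    return findings or ["ok"]


if __name__ == "__main__":
    # Constructed sample: the page's own header, seen first over HTTP, then HTTPS.
    header = "max-age=31536000; includeSubDomains"
    print(received_policy("http", True, header))            # None: ignored
    policy = received_policy("https", True, header)
    print(policy)
    for host in ("example.com", "dev.example.com", "notexample.com"):
        print(host, hsts_applies("example.com", policy, host))
    print(review(header), review("max-age=3600"), review(None))
```

The point the example makes about includeSubDomains is visible in `hsts_applies`: once `dev.example.com` is covered by a policy stored for `example.com`, the browser will never send it a plain HTTP request until max-age has elapsed, whether or not that host actually has a certificate.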

Does HSTS fix an expired certificate?

No. It makes the failure stricter: a browser that has recorded an HSTS policy treats certificate errors for that host as fatal, so an expired certificate blocks the site outright instead of showing a warning the user could bypass. Certificates, redirects and server configuration still need to work correctly.

Why does SiteTraceKit show HSTS as a signal?

It is a visible response header that helps explain how a site communicates HTTPS expectations to browsers.