HSTS (HTTP Strict Transport Security) explained

What it is

HSTS (HTTP Strict Transport Security) is an HTTP response header that tells the browser to connect to your site only over HTTPS for a set period. After the first secure visit, the browser refuses to connect over plain HTTP, which blocks protocol-downgrade attacks and reduces the risk of session cookies being hijacked on the first request.

Why it matters

Without HSTS, the first visit, or any request made after the header has expired, can be sent over HTTP and intercepted. HSTS ensures that once a browser has seen the header, it uses HTTPS only. It is a simple way to enforce encryption and is often required or recommended by compliance standards and security scans.

How Barrion checks it

Barrion requests your site and inspects the Strict-Transport-Security response header. We check for presence, max-age, and the optional includeSubDomains and preload directives. We report when the header is missing or misconfigured. This is a passive check only.
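To make the check described above concrete, here is an added example (not Barrion's own scanner code) that parses a Strict-Transport-Security header value according to RFC 6797 and reports the same classes of problems: header missing, max-age missing or zero, and the optional includeSubDomains and preload directives. The sample responses are constructed inline, the 180-day "short max-age" threshold is an assumption chosen for illustration, and the preload requirements (max-age of at least one year plus includeSubDomains) are those published by the browser preload list.

```python
"""Passive HSTS header check: parse Strict-Transport-Security and report findings.

Added example, not Barrion's code. Sample responses below are constructed.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Assumption for this example: flag a policy shorter than 180 days as weak.
RECOMMENDED_MIN_MAX_AGE = 180 * 24 * 3600
# Preload list requirement: at least one year, plus includeSubDomains.
PRELOAD_MIN_MAX_AGE = 365 * 24 * 3600


@dataclass
class HstsResult:
    present: bool
    max_age: Optional[int] = None
    include_subdomains: bool = False
    preload: bool = False
    findings: List[str] = field(default_factory=list)

    @property
    def ok(self) -> bool:
        """True when the header is present and nothing was flagged."""
        return self.present and not self.findings


def parse_hsts(value: str) -> HstsResult:
    """Parse a header value such as 'max-age=31536000; includeSubDomains; preload'."""
    result = HstsResult(present=True)
    seen = set()
    for raw in value.split(";"):
        token = raw.strip()
        if not token:
            continue
        name, _, val = token.partition("=")
        name = name.strip().lower()          # directive names are case-insensitive
        val = val.strip().strip('"')         # RFC 6797 allows a quoted-string value
        if name in seen:                     # RFC 6797 6.1: a directive must not repeat
            result.findings.append(f"duplicate directive '{name}'")
            continue
        seen.add(name)
        if name == "max-age":
            if val.isdigit():
                result.max_age = int(val)
            else:
                result.findings.append("max-age has no numeric value")
        elif name == "includesubdomains":
            result.include_subdomains = True
        elif name == "preload":
            result.preload = True
        # Unknown directives are ignored, as the RFC requires.

    if result.max_age is None:
        result.findings.append("max-age missing; browsers ignore the header")
    elif result.max_age == 0:
        result.findings.append("max-age=0 instructs browsers to forget the policy")
    elif result.max_age < RECOMMENDED_MIN_MAX_AGE:
        result.findings.append(f"max-age {result.max_age}s is below the assumed minimum")

    if result.preload and not (
        result.include_subdomains and (result.max_age or 0) >= PRELOAD_MIN_MAX_AGE
    ):
        result.findings.append("preload requires includeSubDomains and max-age >= 1 year")
    return result


def check_headers(headers: Dict[str, str]) -> HstsResult:
    """Look up the header case-insensitively, as a scanner would on a real response."""
    for name, value in headers.items():
        if name.lower() == "strict-transport-security":
            return parse_hsts(value)
    return HstsResult(present=False, findings=["Strict-Transport-Security header missing"])


# Constructed sample responses (header dicts only), not real sites.
SAMPLES = {
    "good": {"Content-Type": "text/html",
             "Strict-Transport-Security": "max-age=31536000; includeSubDomains; preload"},
    "short": {"strict-transport-security": "max-age=300"},
    "no-max-age": {"Strict-Transport-Security": "includeSubDomains"},
    "bad-preload": {"Strict-Transport-Security": "max-age=31536000; preload"},
    "missing": {"Content-Type": "text/html"},
}

if __name__ == "__main__":
    for label, hdrs in SAMPLES.items():
        r = check_headers(hdrs)
        status = "PASS" if r.ok else "FAIL"
        print(f"{label:12} {status}  max-age={r.max_age} "
              f"subdomains={r.include_subdomains} preload={r.preload} {r.findings}")
```

The "good" sample is the configuration most guides recommend; the others each trigger one of the findings the scanner would report.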

© 2025 Barrion AB (559569-0917) - All Rights Reserved.