HSTS (HTTP Strict Transport Security)

Definition

HSTS is a response header that tells browsers to use HTTPS only for a host, blocking insecure HTTP access after the first secure visit.

By Vinespire Editorial Team, Editorial ·

See our sourcing methodology →

TechnicalAI search glossary

This term is part of the full AI search glossary.

Full definition

The Strict-Transport-Security header includes a max-age and may set includeSubDomains or preload eligibility. Once recorded, browsers skip cleartext requests, reducing SSL-stripping and mixed-content risk.

HSTS does not redirect crawlers by itself; sites still need proper HTTPS canonicals and server redirects from HTTP. Misconfigured HSTS on the wrong host can lock users out until max-age expires.

Secure, consistent HTTPS URLs simplify canonical signals and trust for users who open AI citations. See Canonical URL, CDN Caching, and Content Security Policy.

Example

Strict-Transport-Security: max-age=31536000; includeSubDomains; preload

← All glossary terms