Test whether your website sends the HSTS header.

Check whether your site is defended against cookie hijacking and protocol downgrade attacks

About HSTS

HSTS (HTTP Strict Transport Security) helps protect against protocol downgrade attacks and cookie hijacking.

HSTS is a security policy delivered in a response header. It can be implemented in web servers, network devices, or a CDN.

An HSTS policy instructs the browser to load website content only through a secure connection (HTTPS) for a defined duration.

As you can guess, your website must be accessible over HTTPS to take advantage of HSTS. You can refer to this guide to implement HSTS in Apache, Nginx, or Cloudflare.

When you are done with the implementation, use this tool to verify the HSTS header.