All SEO checks
Securitywarning
Missing HSTS header
What this check looks for
Checks whether the server sends a Strict-Transport-Security response header over HTTPS.
Why it matters
HSTS tells browsers to only ever connect to your site over HTTPS, which blocks protocol-downgrade and man-in-the-middle attacks that a plain http redirect can't prevent on the first request. It's part of the security posture that reflects a trustworthy, well-maintained site. Only enable it once every subdomain and asset is reliably served over HTTPS, since the policy is cached for the max-age you set.
How to fix it
nginx
# Send only over HTTPS; 2 years, cover subdomains, and be preload-eligible
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" always;Go deeper
Check your site for this and 120+ other issues
Analyze any URL free