HSTS (HTTP Strict Transport Security)
Embed This Widget
Add the script tag and a data attribute to embed this widget.
Embed via iframe for maximum compatibility.
<iframe src="https://statuscodefyi.com/iframe/glossary/hsts/" width="420" height="400" frameborder="0" style="border:0;border-radius:10px;max-width:100%" loading="lazy"></iframe>Paste this URL in WordPress, Medium, or any oEmbed-compatible platform.
https://statuscodefyi.com/glossary/hsts/Add a dynamic SVG badge to your README or docs.
[](https://statuscodefyi.com/glossary/hsts/)Use the native HTML custom element.
A security policy mechanism that forces browsers to only connect to a website over HTTPS. The server sends a Strict-Transport-Security response header with a max-age directive. Once a browser receives this header, it automatically upgrades all HTTP requests to HTTPS for the specified duration. The includeSubDomains directive extends protection to all subdomains, and preload allows inclusion in browser built-in HSTS lists.