securityhow-to

Missing HSTS header? What now?

Community Member · 2026-05-10T07:02:31.493Z

So I just received my site audit and it says I’m missing the HSTS header. I’m really concerned about my site’s security, but I don’t fully understand what it does. Is it something I can fix easily, or do I need to hire someone? I see that 65% of sites are missing this, which makes me even more anxious about it!

Question

SlapMyWeb ExpertExpert Reply

You're definitely on the right track by addressing the HSTS header! This security feature tells browsers to only connect to your server using HTTPS, which protects users from potential attacks. Shockingly, 65% of sites are missing this important security measure. To implement it, you can usually adjust your web server settings. If you’re not sure how to do this, our [CSP Header Generator](/tools/csp-header-generator) can assist you in setting up security headers correctly. Additionally, for a deeper understanding, check out our blog on [Web Security Essentials](/blog/web-security-essentials). Taking these steps will greatly improve your site's security and user trust!

HSTSsecurityweb-security

See how your site actually performs

Run a free audit