HSTS

An HTTP response header that forces HTTPS for all subsequent requests. It also makes the site eligible for the HSTS preload list.

At a glance

  • Header: Strict-Transport-Security
  • Recommended value: max-age=63072000; includeSubDomains; preload
  • Purpose: Force HTTPS for all subsequent visits
  • Preload list: hstspreload.org

Reference: HSTS header — force HTTPS for two years
# Production-grade HSTS header
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload

# Step 1: Start with short max-age (e.g., 300)
# Step 2: Bump to 86400 (1 day) once confident
# Step 3: Bump to 31536000+ (1 year) and submit to hstspreload.org

Why HSTS Matters

HSTS is one of the signals search engines and AI assistants use to evaluate page quality and relevance. Sites that get this right consistently outrank competitors who treat it as an afterthought — especially in 2026, where AI-generated answers favor content with clean technical foundations.

Practically, HSTS shows up in three places:

  • Crawlers and indexers use it to decide whether (and how) to include the page in the index.
  • Ranking algorithms weight it alongside dozens of other signals when deciding position.
  • AI assistants use it as a citation-quality signal when picking which sources to reference.

How to Check HSTS

The quickest way to see whether HSTS is set up correctly on your site:

  1. Run a free atlookup audit — it surfaces every relevant signal automatically across all pages.
  2. Cross-reference with Google Search Console for any related coverage warnings.
  3. For per-page deep dives, run Lighthouse on your top 10 pages.
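
The staged rollout in the reference block and the check described in this section can also be applied to a header value directly. The Python below is an added example, not atlookup's code or part of the original page: it parses a Strict-Transport-Security value and reports which rollout step it matches. The names `parse_hsts` and `assess` and the stage labels are assumptions for illustration; the preload conditions (includeSubDomains, preload, max-age of at least one year) are those listed at hstspreload.org.

```python
PRELOAD_MIN_AGE = 31536000  # one year: the Step 3 value on this page


def parse_hsts(value):
    """Parse a header value into (max_age, include_subdomains, preload, problems)."""
    max_age, problems, seen = None, [], set()
    for part in (p.strip() for p in value.split(";")):
        if not part:
            continue
        name, _, arg = part.partition("=")
        name, arg = name.strip().lower(), arg.strip().strip('"')  # names are case-insensitive
        if name in seen:  # a repeated directive makes the whole header invalid
            problems.append(f"duplicate directive: {name}")
            continue
        seen.add(name)
        if name == "max-age":
            if arg.isascii() and arg.isdigit():
                max_age = int(arg)
            else:
                problems.append(f"max-age is not a non-negative integer: {arg!r}")
    if "max-age" not in seen:
        problems.append("max-age is missing (it is the one required directive)")
    return max_age, "includesubdomains" in seen, "preload" in seen, problems


def assess(value):
    """Map a header value to a rollout stage (hypothetical labels) plus findings."""
    max_age, include_sub, preload, problems = parse_hsts(value)
    if problems:
        return "invalid", problems
    if max_age == 0:
        return "disabled", ["max-age=0 tells browsers to drop the stored policy"]
    notes = []
    if preload and not (include_sub and max_age >= PRELOAD_MIN_AGE):
        notes.append("preload is set, but the preload list also requires "
                     "includeSubDomains and max-age >= 31536000")
    if max_age >= PRELOAD_MIN_AGE:
        stage = "preload-ready" if include_sub and preload else "step 3, not preload-ready"
    elif max_age >= 86400:
        stage = "step 2"
    else:
        stage = "step 1"
    return stage, notes


# Constructed sample values, not captured from a real site.
for sample in ("max-age=300", "max-age=63072000; includeSubDomains; preload",
               "includeSubDomains; preload", "max-age=86400; preload"):
    print(f"{sample!r}: {assess(sample)}")
```

Browsers only honor this header when it arrives over HTTPS, so feed the function the value taken from the HTTPS response rather than from the HTTP redirect.
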

Common Mistakes

  • Treating it as one-and-done. Most signals drift over time as themes update, plugins change, and content moves. Audit at least monthly.
  • Fixing symptoms instead of templates. If 100 pages have the same issue, the template is the problem. Fix once at the source.
  • Skipping verification after fixes. Cache layers, CDNs, and stale indexes mean "fixed" rarely means "done" until you re-crawl.

Frequently Asked Questions

What is HSTS?

An HTTP response header that forces HTTPS for all subsequent requests. It also makes the site eligible for the HSTS preload list. See the full definition above for examples and context.

Why does HSTS matter for SEO?

HSTS affects how search engines and AI assistants understand and rank pages. Sites that get HSTS right consistently outrank competitors who treat it as an afterthought.

How do I check HSTS on my site?

Run a free atlookup audit — it surfaces every HSTS issue automatically across all pages, with each finding traced to a measurable signal.

How long until fixing HSTS affects my rankings?

Technical fixes typically take 2-8 weeks to register in rankings, depending on crawl frequency. AI Overview citations can shift within days of structural changes.

Is HSTS important in 2026?

Yes. With AI search now answering 40%+ of queries directly, signals like HSTS are more important than ever — AI assistants weight them heavily when picking citations.