HTTPS with HSTS
Also known as HSTS · Strict-Transport-Security · secure transport
Serving every page over HTTPS encrypts traffic, and the HSTS response header forces browsers to use HTTPS for all future requests to the domain.
What it is
HTTPS is HTTP over TLS, which encrypts and authenticates the connection between browser and server. HTTP Strict Transport Security (HSTS) is a policy delivered in the Strict-Transport-Security response header that tells browsers to connect only over HTTPS for the duration set by max-age, preventing protocol downgrade and SSL-stripping attacks.
Why it matters
HTTPS is a baseline ranking and trust signal, and browsers mark non-HTTPS pages as 'Not secure', which deters users and crawlers. AI crawlers and answer engines favor secure, canonical HTTPS URLs, so consistent HTTPS plus HSTS protects both your rankings and how your URLs are cited.
How to verify
Load the site and confirm the padlock and an https:// URL, then inspect the response headers in the DevTools Network tab for Strict-Transport-Security with a max-age. Tools like SSL Labs or securityheaders.com report certificate validity and whether HSTS is correctly configured.
How to fix
Install a valid TLS certificate, redirect all HTTP traffic to HTTPS with 301s, and add a Strict-Transport-Security header such as max-age=31536000; includeSubDomains. Ensure internal links and canonicals use https:// and consider HSTS preload once you are confident every subdomain supports HTTPS.
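The following is an added example, not part of the original page: a small Python checker for a Strict-Transport-Security value copied from the DevTools Network tab. The function names parse_hsts and audit_hsts and the sample values are constructed for illustration, the one-year threshold comes from the example header above, and the preload conditions are an assumption based on the hstspreload.org submission requirements.

```python
import re

ONE_YEAR = 31536000  # the max-age used in the page's example header


def parse_hsts(value):
    """Parse a header value into {directive: value-or-None} (RFC 6797, 6.1)."""
    directives = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue  # tolerate a trailing ';'
        name, _, val = part.partition("=")
        name = name.strip().lower()  # directive names are case-insensitive
        if name in directives:
            raise ValueError(f"duplicate directive: {name}")
        directives[name] = val.strip().strip('"') or None  # value may be quoted
    return directives


def audit_hsts(value):
    """Return a list of findings; an empty list means no issue was found."""
    try:
        d = parse_hsts(value)
    except ValueError as exc:
        return [f"invalid header ({exc}); a conforming browser ignores it"]
    age = d.get("max-age")
    if age is None or not re.fullmatch(r"[0-9]+", age):
        return ["max-age missing or not an integer; the header has no effect"]
    seconds, subs = int(age), "includesubdomains" in d
    findings = []
    if seconds == 0:
        findings.append("max-age=0 tells the browser to drop the HSTS policy")
    elif seconds < ONE_YEAR:
        findings.append(f"max-age={age} is below the one-year value used here")
    if not subs:
        findings.append("includeSubDomains absent; subdomains are not covered")
    # Assumption: hstspreload.org asks for >= 1 year plus includeSubDomains.
    if "preload" in d and (seconds < ONE_YEAR or not subs):
        findings.append("preload is set but the preload requirements are not met")
    return findings


if __name__ == "__main__":
    # Constructed sample values, not captured from any real site.
    for sample in ("max-age=31536000; includeSubDomains", "max-age=300", "preload"):
        print(repr(sample), "->", audit_hsts(sample) or "OK")
```

Browsers only honor this header when it arrives over HTTPS, so check the value on the https:// response rather than on the HTTP redirect.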
Related terms
- Certificate Validity: The site's TLS certificate is valid, trusted, and not close to its expiry date.
- Canonical Tag: A link element that names the preferred URL for a page so search engines consolidate duplicate or similar versions.
- Page performance: How quickly and smoothly a page loads and becomes interactive, commonly measured by server response time, HTML weight, and Core Web Vitals.
- Email Authentication (SPF / DKIM / DMARC): DNS records that authenticate your outbound email so mailbox providers can verify it is genuinely from your domain.