What is HSTS

HSTS – or HTTP Strict Transport Security – is a critical security mechanism for websites.

Importance Rating of 10/10

It tells a web browser to connect to a website only over a secure HTTPS connection, never over an insecure HTTP connection, for as long as the policy's max-age lasts.

This mechanism helps prevent attacks such as session hijacking and man-in-the-middle attacks. Implementing HSTS on your website is important because it enhances user privacy and protects sensitive information exchanged during online transactions.

By enabling HSTS, you instruct the browser to automatically use a secure connection every time someone visits your site, which removes the insecure HTTP request that could otherwise be redirected to a potentially dangerous or fake version of your website.

What does HSTS mean for SEO?

Search engines, like Google, prioritize secure websites and consider HTTPS as a ranking factor. By implementing HSTS, you not only enhance your website’s security and protect user data, but you also improve your SEO efforts.

When search engines see your site consistently redirecting to HTTPS through HSTS, they consider it a positive signal. This can result in better rankings, increased visibility, and improved organic traffic.

People tend to trust secure websites more, which can lead to higher engagement, lower bounce rates, and an overall positive user experience.

Therefore, by embracing HSTS, you not only bolster your website’s security but also strengthen your SEO strategy, making it an essential element in achieving online success.

How To Set Up HSTS


  • Install and activate the Simple HTTPS Redirect plugin.
  • In the plugin settings, check the “Enable HSTS” option and adjust the max-age and other HSTS header options.
  • The plugin will add the HSTS header to all requests.


  • There is currently no setting in Squarespace to enable HSTS. You would need to upgrade to a Business plan and submit a request to Squarespace Support to have it enabled at the server level.


  • In Shopify admin, go to Settings > Checkout and toggle on the “Enable HTTP Strict Transport Security” setting.
  • This will set a max-age value of 31536000 seconds (1 year).
  • Shopify will now send the HSTS header on all requests.
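
Whichever platform you use, it is worth checking the header your site actually sends once the setting is on. The script below is an added example, not code from any of the plugins or platforms above: it parses a Strict-Transport-Security value the way RFC 6797 describes and reports common problems. The function names are hypothetical, the sample headers are constructed, and the one-year baseline is an assumption taken from the Shopify value quoted above.

```python
import re

ONE_YEAR = 31536000  # seconds; the max-age the page quotes for Shopify

def parse_hsts(value):
    """Parse a Strict-Transport-Security value (RFC 6797, section 6.1).
    Returns a dict of directives, or None if a browser would discard it."""
    directives = {}
    for part in value.split(";"):
        name, _, arg = part.strip().partition("=")
        name, arg = name.strip().lower(), arg.strip()  # names are case-insensitive
        if not name:                       # empty directives (";;") are allowed
            continue
        if len(arg) >= 2 and arg[0] == arg[-1] == '"':
            arg = arg[1:-1]                # quoted form, e.g. max-age="300"
        if name in directives:             # a repeated directive voids the header
            return None
        directives[name] = arg
    if not re.fullmatch(r"[0-9]+", directives.get("max-age", "")):
        return None                        # max-age is required and must be digits
    directives["max-age"] = int(directives["max-age"])
    return directives

def audit_hsts(scheme, value):
    """Return findings for one response; an empty list means nothing to fix."""
    if scheme != "https":
        return ["header sent over plain HTTP is ignored by browsers"]
    policy = parse_hsts(value or "")
    if policy is None:
        return ["header missing or malformed: no HSTS policy is stored"]
    findings = []
    if policy["max-age"] == 0:
        findings.append("max-age=0 tells the browser to delete the policy")
    elif policy["max-age"] < ONE_YEAR:     # baseline chosen for this example
        findings.append("max-age is below one year")
    if "includesubdomains" not in policy:
        findings.append("includeSubDomains absent: subdomains are not covered")
    return findings

# Constructed sample responses (scheme, header value), not from a real site.
SAMPLES = [
    ("https", "max-age=31536000; includeSubDomains"),
    ("https", 'Max-Age="300"'),
    ("https", "max-age=31536000; max-age=0"),
    ("http", "max-age=31536000; includeSubDomains"),
]

if __name__ == "__main__":
    for scheme, value in SAMPLES:
        print(scheme, repr(value), "->", audit_hsts(scheme, value) or "OK")
```

To check a live site, pass in the scheme and the Strict-Transport-Security value taken from the response headers shown in your browser's developer tools.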

Tresseo is a Canadian Website services company in Ottawa, Canada.
All rights reserved © 2024 TRESSEO