T Themerella
Fix Guide

How to Fix a Missing HSTS Header

The HTTPS response does not include Strict-Transport-Security.

Safe public URL scan. Results include technology evidence, SEO checks, security headers, accessibility basics, and a developer fix list.

Recommended fix

Add HSTS after confirming all canonical site traffic works over HTTPS.

This guide is designed to pair with a scanner report. Run a URL scan first, then copy the fix list to your developer or CMS workflow.

Developer task

Set Strict-Transport-Security at the CDN, load balancer, Nginx, Apache, or app server layer.