Check the presence of the Strict-Transport-Security header and its status in the Chrome preload list.
The HSTS Check tool on 101IP verifies the presence of the Strict-Transport-Security header on your site and analyses its parameters: lifetime, subdomain coverage and the preload directive. It also checks the domain's status in the Chrome HSTS Preload List.
HTTP Strict Transport Security (HSTS) is a mechanism that forces the browser to always connect to a site over HTTPS, even if the user types the address without a protocol. It protects against SSL stripping attacks.
max-age of at least 31,536,000 seconds (1 year);includeSubDomains directive;preload directive.HTTPS being enabled does not automatically mean your server sends the Strict-Transport-Security header. Check your web server configuration (Nginx or Apache) — you may have forgotten to add the add_header directive, or it may be overridden elsewhere. Also make sure you enter the URL with https://, since the HTTP version of a site cannot deliver HSTS.
The preload directive in the HSTS header signals to browsers that the site wants to be included in the HSTS Preload List. Our tool automatically checks whether your domain is already on that list. If it is not, first add the preload directive to the header and then submit an application at hstspreload.org.
If includeSubDomains is enabled with a long max-age, browsers will block access to any subdomain that lacks a valid HTTPS certificate. Temporarily remove the includeSubDomains directive, fix HTTPS on the problematic subdomain, run another HSTS check with our tool, and only then re-add the directive.