HSTS
HSTS (HTTP Strict Transport Security) is a security response header that instructs browsers to only ever connect to a site over HTTPS. ScanMalware records it from the Strict-Transport-Security header.
HSTS is a positive hardening signal that helps prevent protocol-downgrade and cookie-hijacking attacks, though it does not vouch for the content of the site itself — a phishing page can set HSTS too.
Commonly deployed alongside HSTS
Of the 92,294 public scans where HSTS was detected, these are the technologies most often present on the same site. The share is the percentage of HSTS sites that also ran each one.
| Technology | Category | Share of HSTS sites |
|---|---|---|
| HTTP/3 | wappalyzer | 32.9% |
| X-UA-Compatible | miscellaneous | 32.41% |
| Open-Graph-Protocol | miscellaneous | 31.96% |
| Cloudflare | wappalyzer | 27.06% |
| jQuery | wappalyzer | 25.63% |
| Cloudflare Bot Management | wappalyzer | 22.87% |
| MetaGenerator | miscellaneous | 20.86% |
| Script | miscellaneous | 20.09% |
| Google Analytics | wappalyzer | 19.3% |
| JQuery | miscellaneous | 17.57% |
| PHP | wappalyzer | 15.78% |
| Google Tag Manager | wappalyzer | 15.44% |
| PoweredBy | miscellaneous | 13.85% |
| WordPress | cms | 12.06% |
How ScanMalware detects HSTS
HSTS is detected by analysing the response headers, HTML markup, JavaScript runtime and asset URLs captured when ScanMalware loads the site in a real headless browser.
From any scan you can pivot into related signals — JARM TLS fingerprints, ASN ownership and BGP routing, certificate history, JavaScript analysis and the overall security verdict — to understand not just that HSTS is present, but how it is being used. Open the full search interface for HSTS →
Recent public scans featuring HSTS
A rolling sample of recent public scans where HSTS was detected. Listing a site here is not a safety judgement — open a scan to see its full verdict.
| Site | Scanned |
|---|---|
| Forskarskattenämnden - Forskarskattenämnden https://www.forskarskattenamnden.se | 2026-06-16 |
| Comune di Lograto https://www.comune.lograto.bs.it | 2026-06-16 |
| Unione Montana Alta Val di Cecina https://www.umavc.it | 2026-06-16 |
| Home page | Comune di Muros https://www.comune.muros.ss.it | 2026-06-16 |
| Comune di Lanzada - Homepage https://www.comune.lanzada.so.it | 2026-06-16 |
| Comune di Furnari - Home Page https://www.comune.furnari.me.it | 2026-06-16 |
| Municipality of Challand-Saint-Victor https://www.comune.challand-st-victor.ao.it | 2026-06-16 |
| Social Security Processing Times Texarkana TX - Social Security Texarkana TX https://socialsecurityofficetexarkana.com/processing-times | 2026-06-16 |
Frequently asked questions about HSTS
- Does using HSTS mean a website is unsafe?
- No. HSTS is a stack component, not a verdict. ScanMalware scores the whole page — its scripts, redirects, certificates, threat-intelligence matches and behaviour — so a site using HSTS can be perfectly safe or actively malicious.
- How many sites using HSTS has ScanMalware scanned?
- HSTS has been detected in 92,294 public scans on ScanMalware.com. Each scan is a real headless-browser visit, and the figure updates as new URLs are submitted.
- What technologies are commonly used with HSTS?
- Across scanned sites, HSTS is most often seen alongside HTTP/3, X-UA-Compatible and Open-Graph-Protocol. The full co-occurrence breakdown is listed on this page.
Browse all profiled technologies on the technology index, or scan a URL to see its full stack.