
HTTP Strict Transport Security


HSTS, or HTTP Strict Transport Security, is a standard defined in RFC 6797 by which a web server can declare to a client that it should only be accessed via HTTPS. The web browser or crawler will then make all future requests over HTTPS, even when following a link to an HTTP URL. In that case, the SEO Spider shows a Status Code of 307, a Status of HSTS Policy and a Redirect Type of HSTS Policy.

This redirect is an internal representation in the SEO Spider and the browser. It differs from a 301 or a 302 in that it isn’t sent by the web server; the request is turned around internally. When a web server declares that it should be contacted through HTTPS, it sets an expiry on that declaration, so a 307 response is ideal, as it means a temporary redirect.

Protocol

The HSTS protocol is based on the server sending a single header, called Strict-Transport-Security. It only takes effect when sent via HTTPS; if sent via HTTP, it is ignored. The header has two associated directives: max-age and includeSubDomains.

max-age is mandatory and tells the client the number of seconds during which the site may only be contacted over HTTPS. includeSubDomains is an optional directive which, if set, signals that the HSTS policy also applies to any subdomains.

Benefits

There are several benefits to having HSTS perform the HTTP -> HTTPS redirect. It reduces communication over non-secure protocols, reduces load on the web server, and improves performance, as a round trip is avoided when an HTTP link is encountered.

A site-wide HTTP -> HTTPS redirect is still needed, because the Strict-Transport-Security header is ignored unless it is sent over HTTPS. If the first visit to your site is not via HTTPS, you still need that initial redirect to HTTPS to deliver the Strict-Transport-Security header. Considering this, you may not expect to see a 307 in the SEO Spider. However, the SEO Spider makes an HTTP request for the robots.txt file, receives a 301 to the HTTPS version of the site, then receives the Strict-Transport-Security header, so it will report a 307 for the first URL crawled. If robots.txt checking is disabled, the SEO Spider will report a 301.
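The client-side behaviour described under Protocol and Benefits can be sketched as a small policy cache. This is an added example, not code from the SEO Spider or from this blog; the `HstsStore` class, its method names and the `example.test` hosts are constructed for illustration.

```python
import re
import time
from urllib.parse import urlsplit


class HstsStore:
    """Client-side HSTS cache, as a browser or crawler might keep (illustrative)."""

    def __init__(self, clock=time.time):
        self.clock = clock
        self.policies = {}  # host -> (expiry timestamp, include_subdomains)

    def observe(self, url, sts_header):
        """Record a Strict-Transport-Security header seen on the response to url."""
        parts = urlsplit(url)
        if parts.scheme != "https" or not parts.hostname or not sts_header:
            return False  # a header delivered over plain HTTP is ignored
        directives = [d.strip().lower() for d in sts_header.split(";")]
        ages = [m.group(1) for d in directives
                if (m := re.fullmatch(r'max-age\s*=\s*"?(\d+)"?', d))]
        if not ages:
            return False  # max-age is mandatory
        if int(ages[0]) == 0:
            self.policies.pop(parts.hostname, None)  # RFC 6797: max-age=0 clears
        else:
            expiry = self.clock() + int(ages[0])
            self.policies[parts.hostname] = (expiry, "includesubdomains" in directives)
        return True

    def covers(self, host):
        """True if host, or a parent that set includeSubDomains, has a live policy."""
        labels = host.lower().split(".")
        for i in range(len(labels)):
            entry = self.policies.get(".".join(labels[i:]))
            if entry and entry[0] > self.clock() and (i == 0 or entry[1]):
                return True
        return False

    def fetch_plan(self, url):
        """Return (307, https URL) for an internal upgrade, else (None, url)."""
        parts = urlsplit(url)
        if parts.scheme == "http" and parts.hostname and self.covers(parts.hostname):
            return 307, parts._replace(scheme="https").geturl()
        return None, url

if __name__ == "__main__":
    store = HstsStore()  # constructed flow: robots.txt over HTTPS, then an HTTP link
    store.observe("https://example.test/robots.txt", "max-age=31536000")
    print(store.fetch_plan("http://example.test/page"))
```

Until `observe` has seen the header on an HTTPS response, `fetch_plan` leaves HTTP URLs untouched, which is why the server-side 301 is still needed for the first visit.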

How to disable HSTS

This can easily be done by unticking the ‘Respect HSTS Policy’ option under ‘Configuration > Spider > Advanced’ in the SEO Spider.

The SEO Spider will then ignore HSTS completely and report on the underlying redirects and status codes.


Hannah Maitland

Client Services Manager
