Check if your domain is in the Chrome HSTS preload list, ensuring browsers always use HTTPS — even on the very first visit.
HSTS Preloading goes further than a normal HSTS header — your domain is hardcoded into browsers (Chrome, Firefox, Safari, Edge) so HTTPS is enforced before any HTTP connection is attempted.
To qualify, your domain must serve a valid HSTS header with max-age≥31536000; includeSubDomains; preload and be submitted at hstspreload.org.
Want a full security audit of your site? Run a full site scan →