Why You Can Ignore the SEMrush “HSTS on Subdomains” Notice

Why You Can Ignore the SEMrush “HSTS on Subdomains” Notice

When SEMrush flags subdomains not supporting HSTS, it can cause confusion. However, this notice is often low priority, and in most cases, it’s safe to disregard. Here’s why this “issue” isn’t as problematic as it may seem.

What is HSTS?

HSTS stands for HTTP Strict Transport Security. It’s a security feature that prevents visitors from bypassing warnings on pages that lack HTTPS. Without HSTS, visitors might receive a “not secure” warning, but they can still click “proceed anyway.” When HSTS is enabled, that option disappears, which can protect users from potential security risks.

Why SEMrush Flags This Issue

SEMrush categorizes “subdomains don’t support HSTS” as a “notice,” meaning it’s the lowest level of importance in their system. Notices like these aren’t typically critical for your SEO. While they may affect security slightly, SEMrush's prioritization reflects its overall insignificance for site performance.

Why Most Websites Don’t Support HSTS on Subdomains

After over 20 years in SEO, I’ve seen this HSTS notice on every website reviewed since SEMrush introduced it. It’s a common issue, and if every site has it, it’s hard to argue it’s critical to fix. Furthermore, addressing it often requires server upgrades or web host adjustments, which can incur costs with minimal impact.

Should You Fix the HSTS Issue?

For most site owners, fixing this HSTS notice isn’t worth the effort. The process is lengthy, technical, and may even be intimidating. Unless security is a primary concern, addressing HSTS on subdomains doesn’t generally yield noticeable benefits.

Conclusion

In the vast landscape of SEO issues, HSTS on subdomains ranks as a low-priority concern. If you want to explore it further, speak with your web host about security settings—but for most website owners, ignoring this notice is perfectly fine.