HTTP
HSTS Checker
Check if a site sends Strict-Transport-Security header. Verify max-age, includeSubDomains, preload.
Fetches headers from our server — checks Strict-Transport-Security.
How to use
- Enter a domain, URL, or value relevant to HSTS Checker.
- Run the check and review the output carefully.
- Apply recommended fixes, then run the check again to verify.
Common use cases
- Pre-deployment validation for HSTS Checker.
- Incident triage when security checks fail in production.
- Periodic security review as part of technical SEO and hardening.
Example inputs
https://example.comCommon issues and fixes
No HSTS header
Strict-Transport-Security missing — browsers may allow HTTP first. Add header.
max-age too low
HSTS max-age should be at least 31536000 (1 year) for preload eligibility.
Missing includeSubDomains
Subdomains not protected. Add includeSubDomains for full coverage.
Recommended remediation
Add Strict-Transport-Security: max-age=31536000; includeSubDomains; preload. Enforce HTTPS first.
FAQ
Is HSTS Checker free to use?
Yes. This tool is free and can be used without account registration.
Do you store submitted values?
Only the minimum processing needed for the check. For client-side tools, data stays in your browser.
How should I use these results?
Use the output as a diagnostic baseline, apply fixes in your stack, then re-run the check to confirm remediation.
Related security tools
SSL Checker
Verify SSL/TLS certificate details, issuer, expiry date, and certificate chain for any domain.
HTTP Header Analyzer
Analyze HTTP response headers and check security headers like CSP, HSTS, X-Frame-Options.
CSP Checker
Check Content-Security-Policy. Parse directives, detect unsafe-inline, unsafe-eval.