Free tool

HSTS checker

Check whether a site enforces HTTPS with a Strict-Transport-Security header — and whether its policy is strong enough for the browser preload list.

What is HSTS?

HTTP Strict Transport Security is a response header (Strict-Transport-Security) that tells browsers to only ever connect to a site over HTTPS. Once seen, the browser refuses plain-HTTP connections for the duration of max-age, closing the window for downgrade and cookie-hijacking attacks.

Add includeSubDomains to cover every subdomain, and preload with a year-long max-age to qualify for the browser preload list, which enforces HTTPS even on a visitor's very first request.
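
The header conditions described above can be checked directly on a header value. The following is an added example, not this tool's own code: the names `parse_hsts` and `assess`, the result labels and the sample values are assumptions made for illustration, and only the header itself is evaluated.

```python
import re

ONE_YEAR = 31536000  # seconds in the "year-long max-age" mentioned above

def parse_hsts(value):
    """Return the parsed policy, or None if a browser would ignore the header."""
    directives = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        name, _, arg = part.partition("=")
        name = name.strip().lower()       # directive names are case-insensitive
        if name in directives:
            return None                   # a repeated directive invalidates the header
        directives[name] = arg.strip().strip('"')  # max-age may be quoted
    if not re.fullmatch(r"[0-9]+", directives.get("max-age", "")):
        return None                       # max-age is required and must be an integer
    return {
        "max_age": int(directives["max-age"]),
        "include_subdomains": "includesubdomains" in directives,
        "preload": "preload" in directives,
    }

def assess(value):
    """Classify a header value: invalid, disabled, enforced or preload-eligible."""
    policy = parse_hsts(value)
    if policy is None:
        return "invalid"
    if policy["max_age"] == 0:
        return "disabled"                 # max-age=0 tells the browser to drop the policy
    if (policy["max_age"] >= ONE_YEAR and policy["include_subdomains"]
            and policy["preload"]):
        return "preload-eligible"
    return "enforced"

# Constructed sample header values, not taken from any real site.
SAMPLES = [
    "max-age=63072000; includeSubDomains; preload",
    'MAX-AGE="31536000"; INCLUDESUBDOMAINS; Preload',
    "max-age=300; includeSubDomains; preload",
    "max-age=0",
    "includeSubDomains; preload",
    "max-age=31536000; max-age=0",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(f"{assess(sample):17} {sample}")
```

A header that carries preload but a short max-age, such as the third sample, is still enforced by browsers that see it but does not meet the preload condition.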