ToolsAtlas
Simple online tools for developers, networking, text and conversions.

Network Tools

HSTS Checker

Check whether a domain sends the Strict-Transport-Security header.

Tool

Use this HSTS checker to verify whether a domain returns the Strict-Transport-Security header and inspect key values such as max-age, includeSubDomains, and preload. It is useful for HTTPS hardening, security reviews, deployment checks, and header validation.

About this tool

Use this HSTS checker to verify whether a domain returns the Strict-Transport-Security header and inspect key values such as max-age, includeSubDomains, and preload. It is useful for HTTPS hardening, security reviews, deployment checks, and header validation.

Use hsts checker when you need a fast browser-based result without extra setup. It works well for quick checks, one-off tasks, and routine formatting or calculation work.

Learn more

HSTS Checker Guide

Read step-by-step usage guidance, best practices, and common mistakes.

HSTS Checker FAQ

See common questions and answers about input, output, and tool usage.

HSTS Checker Examples

Review practical input and output examples before running the tool.

Related Tools

Find similar and supporting tools for adjacent actions and follow-up tasks.

Why use this tool

How to use

  1. Enter a domain like example.com.
  2. Run the checker to inspect the response headers.
  3. Review whether the Strict-Transport-Security header is present.
  4. Check max-age, includeSubDomains, and preload in the output.
  5. Use the result to decide whether HSTS configuration needs changes.

Examples

Example

Input

example.com

Output

Domain: example.com
HSTS: Present
Header: max-age=31536000; includeSubDomains; preload
Max-Age: 31536000
Include Subdomains: Yes
Preload: Yes

Shows a correctly returned HSTS header with common security directives.

Example

Input

example.com

Output

Domain: example.com
HSTS: Not present

Useful when checking whether a site still needs HSTS to be enabled.

Common errors

A full URL with paths is pasted instead of a clean domain.

Fix: Enter only the domain or hostname, such as example.com.

The site redirects or blocks the request and no HSTS result is returned.

Fix: Retry with the canonical HTTPS domain and confirm the site is reachable.

The header exists only on HTTPS but the test uses the wrong target.

Fix: Check the final secure hostname that serves the HTTPS response.

The domain has HSTS but expected directives are missing.

Fix: Review max-age, includeSubDomains, and preload separately in the output.

FAQ

What is HSTS?

HSTS stands for HTTP Strict Transport Security. It tells browsers to use HTTPS for future requests to the site.

What does this checker look for?

It checks whether the Strict-Transport-Security header is present and reads important directives such as max-age, includeSubDomains, and preload.

What should I enter?

Enter a domain or hostname like example.com.

Why is HSTS useful?

It helps reduce downgrade and insecure transport risks by forcing browsers to prefer HTTPS.

What does includeSubDomains mean?

It means the HSTS policy also applies to subdomains, not just the main hostname.

What does preload mean?

It signals that the domain may be intended for browser preload lists, though preload status itself is a separate process.

Use cases

Related tools