Simple online tools for developers, networking, text and conversions.
Network Tools
HSTS Checker Guide
Learn when to use HSTS Checker, how to use it correctly, and how to avoid common mistakes.
What this guide covers
Use this HSTS checker to verify whether a domain returns the Strict-Transport-Security header and inspect key values such as max-age, includeSubDomains, and preload. It is useful for HTTPS hardening, security reviews, deployment checks, and header validation.
This guide explains when to use HSTS Checker, how to get a cleaner result,
and which mistakes to avoid before moving on to related tools or the main tool page.
Why use HSTS Checker
Checks whether HSTS is enabled on a live domain.
Helps confirm that HTTPS hardening is configured correctly.
Useful for security reviews, migrations, and post-deployment validation.
Shows important HSTS values such as max-age and includeSubDomains.
Lets you verify the header quickly without opening developer tools.
How to use HSTS Checker
Enter a domain like example.com.
Run the checker to inspect the response headers.
Review whether the Strict-Transport-Security header is present.
Check max-age, includeSubDomains, and preload in the output.
Use the result to decide whether HSTS configuration needs changes.
Best use cases
Checking whether HSTS is enabled after moving a site to HTTPS.
Validating security headers during a deployment review.
Confirming whether includeSubDomains is active for a main domain.
Reviewing whether a site is configured for stricter transport security.
Common mistakes
A full URL with paths is pasted instead of a clean domain.
Fix: Enter only the domain or hostname, such as example.com.
The site redirects or blocks the request and no HSTS result is returned.
Fix: Retry with the canonical HTTPS domain and confirm the site is reachable.
The header exists only on HTTPS but the test uses the wrong target.
Fix: Check the final secure hostname that serves the HTTPS response.
The domain has HSTS but expected directives are missing.
Fix: Review max-age, includeSubDomains, and preload separately in the output.
Use the tool
Ready to run HSTS Checker? Open the main tool page to enter your input,
generate the result, and copy or download the output.