HSTS checker

Free HSTS Checker — Test for HTTP Strict Transport Security

This tool checks whether a website has HTTP Strict Transport Security (HSTS) enabled. Enter any URL and you'll see whether the site sends the Strict-Transport-Security header that forces browsers to connect only over secure HTTPS.

HSTS closes a real security gap. Even on an HTTPS site, the very first request a browser makes can happen over insecure HTTP before any redirect kicks in — a window an attacker can exploit to intercept or downgrade the connection. HSTS removes that window: once a browser has seen the header, it refuses to connect over plain HTTP at all, automatically upgrading every request to HTTPS. It's a strong signal of a properly secured site and is increasingly expected as a security best practice.

Use this tool to confirm HSTS is active on your own site, to check whether you should add it, and to verify the header survived a server or CDN change. If it's missing, enabling it is typically a single header directive in your server or CDN config. Take care with the max-age and includeSubDomains settings — start with a shorter max-age while testing, since HSTS is intentionally sticky and hard to undo once browsers have cached it.

From one check to a complete audit

This tool checks one thing. Smart SEO Audit checks 50+ — technical, on-page, content and speed — on any URL in under 10 seconds, with an AI-prioritized fix list, scheduled monitoring and Swiss, GDPR-compliant hosting. Start free — 5 full audits a month, no credit card.

Similar tools

SSL Lookup

Get all possible details about an SSL certificate.

HTTP headers lookup

Get all the HTTP headers that an URL returns for a typical GET request.

HTTP/2 Checker

Check whether a website is using the new HTTP/2 protocol or not.

Popular tools