$ HSTS Checker
Analyze HTTP Strict Transport Security headers. Validate max-age, includeSubDomains, and preload configurations.
100% Client-Side - Your data never leaves your browser
$ hsts_grade
$ parsed_directives
$ preload_eligibility
$ recommendations
$ cat hsts_info.md
Time in seconds the browser should remember to only use HTTPS. Recommended: 31536000 (1 year) or higher.
Applies HSTS to all subdomains. Required for HSTS preload list submission.
Indicates intent to be added to browser HSTS preload lists. Requires max-age ≥ 31536000 and includeSubDomains.
Disclaimer
This tool is for educational purposes only. Before enabling HSTS preload, ensure all subdomains support HTTPS, as this change is difficult to reverse.