This tutorial explains how to check if your website contains the HSTS header. You can now easily check whether your website has the HTTP Strict Transport Security (HSTS) header enabled or not. If you’re delivering data or web pages over HTTP connections, then you and your users are probably exposed to various security risks like protocol downgrade attacks and cookie hijacking. But if your website has HSTS enabled, browsers are told to connect to it only over HTTPS, so the data travels over an encrypted channel, reducing the risk of exposing it. So, if you would like to know if your website contains the HSTS header, then this tutorial can help.
There are actually many free web applications available which allow you to easily check HSTS support for websites. I will explain 4 such web applications in this tutorial. You can simply visit these websites and enter your website URL to see whether the HSTS header is present or not. All these web applications are completely free and also super simple to use.
If you’re looking for a way to check how fast your website is performing, then go through our post on Check if HTTP/2 is Supported by your Website.
SSL Server Test:
SSL Server Test is probably one of the best free web applications to check if your website contains the HSTS header. Using this website is very easy, as you can simply go to the homepage and enter the target website URL. Once you do that, it will show the result instantly. To know exactly how to use this website to achieve this goal, simply follow the steps explained below.
Step 1: To get started, you would need to go to the homepage of SSL Server Test and there you will see an input field associated with the option named “Hostname”. Now, all you gotta do is enter the website URL for which you want to check the HSTS availability.
Step 2: After you do that, click on the “Submit” button on the right and then it will start analyzing your website. Once done, it will generate a detailed report covering the server key, protocol details, handshake simulation, etc. Under “Protocol Details”, you will see whether your website contains the HSTS header or not.
HTTP Security Report:
HTTP Security Report can also be used to check if your website supports the HSTS header. Similar to “SSL Server Test”, this one is also very easy to use. All you need to do is enter the URL of the website, and you get the HSTS status report in no time. You can follow these simple steps to see the HSTS report.
Step 1: At first, you would need to browse to the “HTTP Security Report” website and there you will see a search bar. In the search bar, you can enter the URL of the target website, as shown below.
Step 2: After that, simply click on the “Analyze” button on the right of the search bar. When you do that, it will process the website URL and display the result for various components like Iframe Sandbox, Content Security Policy, SSL/TLS, along with the HTTP Strict Transport Security. If your website contains the HSTS header, then it will display a tick, otherwise a cross.
HSTS Preload:
HSTS Preload is another free website which allows you to check if your website has the HSTS header enabled or not. You can open this and then enter any website URL to find the HSTS status report. Similar to other websites, it can generate the result instantly. Now, let us take a look at the steps required to do the same.
Step 1: Go to the “HSTS Preload” homepage and then enter the website URL in the input field. After that, click on the “Check Status and Eligibility” button below the input field.
Step 2: As soon as you do that, it will process the website and show all the errors or misconfigurations. For example, you can see in the image below that the website doesn’t contain the HSTS header.
SecurityHeaders:
SecurityHeaders is another useful web application that helps you find out whether your website contains the HSTS header. Similar to all the other websites explained in this tutorial, this one also lets you simply enter a website URL to see the HSTS status. Now, follow the steps below to do it yourself.
Step 1: After you open this website, simply type the website URL in the search field. When you do that, you can proceed and hit the “Scan” button on the right.
Step 2: This will instantly start scanning your website and show you the result. In the results, it will display various header elements like Content-Security-Policy, X-Frame-Options, etc. along with Strict-Transport-Security. If your website doesn’t contain the HSTS header, then it will highlight it with a cross and red color, as shown below.
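The presence check these websites report can be taken one step further locally by looking at what the header value actually says. The following Python code is an added example, not code from any of the four sites above: it parses a Strict-Transport-Security value following RFC 6797 and lists what the value lacks for preload eligibility. The function names, the constructed sample values, and the preload thresholds (taken from the preload list's published requirements, not from this page) are assumptions.

```python
PRELOAD_MIN_AGE = 31536000  # one year; assumed from the preload list's published rules

def parse_hsts(value):
    """Parse a Strict-Transport-Security value (RFC 6797, section 6.1)."""
    policy = {"max_age": None, "include_subdomains": False,
              "preload": False, "problems": []}
    seen = set()
    for part in value.split(";"):
        name, _, arg = part.strip().partition("=")
        # Directive names are case-insensitive; values may be quoted strings.
        name, arg = name.strip().lower(), arg.strip().strip('"')
        if not name:
            continue  # empty directives (e.g. a trailing ';') are permitted
        if name in seen:
            policy["problems"].append("duplicate directive: " + name)
        seen.add(name)
        if name == "max-age":
            if arg.isascii() and arg.isdigit():
                policy["max_age"] = int(arg)
            else:
                policy["problems"].append("max-age is not a non-negative integer")
        elif name == "includesubdomains":
            policy["include_subdomains"] = True
        elif name == "preload":
            policy["preload"] = True
    if "max-age" not in seen:
        policy["problems"].append("max-age is required but missing")
    elif policy["max_age"] == 0:
        policy["problems"].append("max-age=0 tells browsers to forget the policy")
    return policy

def preload_gaps(policy):
    """List what a parsed policy lacks for preload-list eligibility."""
    gaps = list(policy["problems"])
    if (policy["max_age"] or 0) < PRELOAD_MIN_AGE:
        gaps.append("max-age below %d seconds" % PRELOAD_MIN_AGE)
    if not policy["include_subdomains"]:
        gaps.append("includeSubDomains missing")
    if not policy["preload"]:
        gaps.append("preload missing")
    return gaps

# Constructed sample header values, not taken from any real site.
SAMPLES = ["max-age=31536000; includeSubDomains; preload",
           'Max-Age="300"', "includeSubDomains"]
if __name__ == "__main__":
    for s in SAMPLES:
        print(repr(s), "->", preload_gaps(parse_hsts(s)) or "no gaps found")
```

The value to feed in is whatever your server returns in the `Strict-Transport-Security` response header over HTTPS, for example as shown by `curl -sI https://your-site.example/`.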
These are some of the best web applications to check if your website contains the HSTS header. They make checking HSTS status a breeze for you, as all you need is to enter the website URL and the rest is taken care of by these websites. So, if you want to see the HSTS report of your own website, then start using any of these websites right away.
Try them out and leave your comments below.