
Check HSTS Header

* Documentation for HSTS

How to check whether a host sends the HSTS (Strict-Transport-Security) response header.

Host without HSTS

curl --head -s https://www.example.com/

HTTP/2 200 
accept-ranges: bytes
age: 319222
cache-control: max-age=604800
content-type: text/html; charset=UTF-8
date: Tue, 19 Jan 2021 22:57:03 GMT
etag: "3147526947"
expires: Tue, 26 Jan 2021 22:57:03 GMT
last-modified: Thu, 17 Oct 2019 07:18:26 GMT
server: ECS (nyb/1D1E)
x-cache: HIT
content-length: 1256

Host with HSTS

curl --head -s https://www.sdk.de/

HTTP/1.1 200 OK
Date: Tue, 19 Jan 2021 22:56:20 GMT
Server: Apache
Content-Language: de
Expires: Wed, 20 Jan 2021 15:32:32 GMT
Cache-Control: max-age=59772
Pragma: public
Strict-Transport-Security: max-age=16070400; includeSubDomains
Vary: Host,User-Agent
Content-Security-Policy: img-src 'self' data: app.usercentrics.eu maps.googleapis.com www.facebook.com www.youtube.com www.google.com google.com *.google.com www.google.de google.de *.google.de rtclauncher.luware.com rtclauncherapi.luware.com maps.gstatic.com *.ressourcenmangel.de ressourcenmangel.de *.google-analytics.com google-analytics.com maps.google.com *.googletagmanager.com googletagmanager.com googleadservices.com googleusercontent.com *.etracker.com etracker.com *.etracker.de etracker.de stats.g.doubleclick.net; script-src 'self' tagmanager.google.com www.google.de app.usercentrics.eu www.youtube.com s.ytimg.com maps.googleapis.com 'unsafe-inline' 'unsafe-eval' www.facebook.com connect.facebook.net www.google.com rtclauncher.luware.com maps.gstatic.com *.freegeoip.net freegeoip.net app.usercentrics.eu *.googletagmanager.com googletagmanager.com *.etracker.com etracker.com *.etracker.de etracker.de maps.googleapis.com maps.google.com *.google-analytics.com google-analytics.com *.gstatic.com gstatic.com;
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
X-UA-Compatible: IE=edge
X-Content-Type-Options: nosniff
X-Frame-Options: ALLOWALL
Content-Type: text/html; charset=utf-8

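To show only the HSTS header, filter the output. Match case-insensitively, because HTTP/2 responses print header names in lowercase:

curl --head -s https://www.sdk.de/ | grep -i strict-transport-security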

Strict-Transport-Security: max-age=16070400; includeSubDomains
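
Going one step further than grep, the following added example (not part of the original page) parses the header out of curl's output and reports max-age, includeSubDomains and preload. The function name hsts_policy, its exit codes and the two sample responses are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the original page. Reads response headers on stdin:
#   curl --head -s https://www.example.com/ | hsts_policy
# Prints "missing", "malformed" or the parsed policy.
# Exit status (chosen for this example): 0 active, 1 no header, 2 max-age 0/invalid.
hsts_policy() (
    # Header names are case-insensitive (HTTP/2 prints them in lowercase) and
    # lines end in CRLF. Browsers process only the first HSTS header (RFC 6797).
    value=$(tr -d '\r' | awk '
        !found && tolower($0) ~ /^strict-transport-security[ \t]*:/ {
            sub(/^[^:]*:[ \t]*/, ""); print; found = 1
        }')
    [ -n "$value" ] || { echo "missing"; exit 1; }

    max_age=""; subs=no; preload=no
    set -f; IFS=';'
    for d in $value; do
        # Directive names are case-insensitive; the max-age value may be quoted.
        d=$(printf '%s' "$d" | tr -d ' \t"' | tr 'A-Z' 'a-z')
        case $d in
            max-age=*)         max_age=${d#max-age=} ;;
            includesubdomains) subs=yes ;;
            preload)           preload=yes ;;
        esac
    done

    case $max_age in
        ''|*[!0-9]*) echo "malformed"; exit 2 ;;
    esac
    echo "max-age=$max_age includeSubDomains=$subs preload=$preload"
    # max-age=0 tells the browser to drop any stored HSTS policy for the host.
    [ "$max_age" -gt 0 ] || exit 2
)

# Constructed sample responses, not captured from a real host.
printf 'HTTP/2 200 \r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\n\r\n' | hsts_policy || true
printf 'HTTP/1.1 200 OK\r\nServer: Apache\r\n\r\n' | hsts_policy || true
```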

pages/howtos/diagnose/check-hsts-header.txt · Last modified: 2023/01/07 13:01 by The Thing That Should Not Be