
Check HSTS Header

* Documentation for HSTS

How to check whether a host sends the HTTP Strict Transport Security (HSTS) header.

Host without HSTS

curl --head -s https://www.example.com/

HTTP/2 200 
accept-ranges: bytes
age: 319222
cache-control: max-age=604800
content-type: text/html; charset=UTF-8
date: Tue, 19 Jan 2021 22:57:03 GMT
etag: "3147526947"
expires: Tue, 26 Jan 2021 22:57:03 GMT
last-modified: Thu, 17 Oct 2019 07:18:26 GMT
server: ECS (nyb/1D1E)
x-cache: HIT
content-length: 1256

Host with HSTS

curl --head -s https://www.sdk.de/

HTTP/1.1 200 OK
Date: Tue, 19 Jan 2021 22:56:20 GMT
Server: Apache
Content-Language: de
Expires: Wed, 20 Jan 2021 15:32:32 GMT
Cache-Control: max-age=59772
Pragma: public
Strict-Transport-Security: max-age=16070400; includeSubDomains
Vary: Host,User-Agent
Content-Security-Policy: img-src 'self' data: app.usercentrics.eu maps.googleapis.com www.facebook.com www.youtube.com www.google.com google.com *.google.com www.google.de google.de *.google.de rtclauncher.luware.com rtclauncherapi.luware.com maps.gstatic.com *.ressourcenmangel.de ressourcenmangel.de *.google-analytics.com google-analytics.com maps.google.com *.googletagmanager.com googletagmanager.com googleadservices.com googleusercontent.com *.etracker.com etracker.com *.etracker.de etracker.de stats.g.doubleclick.net; script-src 'self' tagmanager.google.com www.google.de app.usercentrics.eu www.youtube.com s.ytimg.com maps.googleapis.com 'unsafe-inline' 'unsafe-eval' www.facebook.com connect.facebook.net www.google.com rtclauncher.luware.com maps.gstatic.com *.freegeoip.net freegeoip.net app.usercentrics.eu *.googletagmanager.com googletagmanager.com *.etracker.com etracker.com *.etracker.de etracker.de maps.googleapis.com maps.google.com *.google-analytics.com google-analytics.com *.gstatic.com gstatic.com;
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
X-UA-Compatible: IE=edge
X-Content-Type-Options: nosniff
X-Frame-Options: ALLOWALL
Content-Type: text/html; charset=utf-8

curl --head -s https://www.sdk.de/ | grep -i Strict

Strict-Transport-Security: max-age=16070400; includeSubDomains
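As an added example (not part of the original wiki page), the same check wrapped in a shell function that pulls the header out of a captured response and grades the policy; the function names hsts_check and hsts_probe, the 180-day threshold and the sample inputs are my own choices, not something the page defines.

```shell
#!/bin/sh
# Parse the Strict-Transport-Security header out of a raw response-header
# block (what `curl --head -s` prints) and grade the policy.
# Header names are matched case-insensitively: HTTP/2 servers, like the
# example.com response above, send them in lowercase, so a plain
# `grep Strict` would miss them.
# Output: none | invalid | disabled(0) | weak(N...) | ok(N...)  (N = max-age seconds)
hsts_check() {
    hdr_line=$(printf '%s\n' "$1" | tr -d '\r' \
        | grep -i '^strict-transport-security:' | head -n 1 \
        | sed 's/^[^:]*:[[:space:]]*//')
    [ -n "$hdr_line" ] || { echo none; return 1; }
    lower=$(printf '%s\n' "$hdr_line" | tr 'A-Z' 'a-z')
    max_age=$(printf '%s\n' "$lower" | sed -n 's/.*max-age=\([0-9][0-9]*\).*/\1/p')
    [ -n "$max_age" ] || { echo invalid; return 1; }
    flags=""
    case "$lower" in *includesubdomains*) flags="$flags,includeSubDomains";; esac
    case "$lower" in *preload*) flags="$flags,preload";; esac
    # max-age=0 tells browsers to drop a stored policy
    [ "$max_age" -gt 0 ] || { echo "disabled(0$flags)"; return 2; }
    # Threshold is an assumption used here: 180 days (15552000 s); the
    # sdk.de value above, 16070400 s (186 days), clears it.
    if [ "$max_age" -lt 15552000 ]; then
        echo "weak($max_age$flags)"; return 2
    fi
    echo "ok($max_age$flags)"
}

# Live check of one host over the network, as on this page (no redirect
# following, so only the first response's headers are examined).
hsts_probe() {
    hsts_check "$(curl --head -sS "https://$1/")"
}

# Constructed sample inputs: trimmed copies of the two responses shown above,
# plus a lowercase HTTP/2-style header with a short lifetime.
SAMPLE_NO_HSTS='HTTP/2 200
accept-ranges: bytes
content-type: text/html; charset=UTF-8'
SAMPLE_HSTS='HTTP/1.1 200 OK
Server: Apache
Strict-Transport-Security: max-age=16070400; includeSubDomains
Content-Type: text/html; charset=utf-8'
SAMPLE_WEAK='HTTP/2 200
strict-transport-security: max-age=300; preload'

for s in "$SAMPLE_NO_HSTS" "$SAMPLE_HSTS" "$SAMPLE_WEAK"; do
    hsts_check "$s" || :   # none / ok(16070400,includeSubDomains) / weak(300,preload)
done
```

The exit status is non-zero whenever the policy is missing, invalid or below the threshold, so `hsts_probe www.example.com || echo "no usable HSTS"` works in a monitoring script.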
