Validates HSTS preload header configuration
This checker retrieves the Strict-Transport-Security header and validates its max-age, includeSubDomains, and preload directives to ensure the site is properly configured for HSTS preload inclusion.
| Status | Condition | Test Logic |
|---|---|---|
| SUCCESS | HSTS preload configured | Header includes max-age≥1yr, includeSubDomains, and preload |
| WARNING | HSTS present but incomplete | Header present but missing required preload directives |
| FAIL | HSTS header missing | No Strict-Transport-Security header found |
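
The status table above can be expressed as a small function. This is an added example, not the checker's own code; the function names, the header-list input shape, and the sample headers are assumptions made for illustration, and one year is taken as 31536000 seconds.

```python
ONE_YEAR = 31536000  # seconds in 365 days, the "max-age≥1yr" threshold (assumed value)

def parse_hsts(value):
    """Split a Strict-Transport-Security value into {directive: argument}."""
    directives = {}
    for part in value.split(";"):
        name, _, arg = part.strip().partition("=")
        name = name.strip().lower()  # directive names are case-insensitive
        if name:
            # Keep the first occurrence; arguments may be quoted strings.
            directives.setdefault(name, arg.strip().strip('"'))
    return directives

def check_hsts_preload(headers):
    """headers: list of (name, value) pairs from an HTTPS response.
    Returns (status, problems) following the SUCCESS/WARNING/FAIL table."""
    values = [v for k, v in headers if k.lower() == "strict-transport-security"]
    if not values:
        return "FAIL", ["no Strict-Transport-Security header found"]
    directives = parse_hsts(values[0])  # only the first header field is evaluated
    problems = []
    max_age = directives.get("max-age", "")
    if not (max_age.isascii() and max_age.isdigit()):
        problems.append("max-age missing or not a number")
    elif int(max_age) < ONE_YEAR:
        problems.append(f"max-age {max_age} is below {ONE_YEAR}")
    for flag in ("includesubdomains", "preload"):
        if flag not in directives:
            problems.append(f"{flag} directive missing")
    return ("WARNING", problems) if problems else ("SUCCESS", [])

# Constructed sample responses, one per row of the table plus two edge cases.
SAMPLES = {
    "complete": [("Strict-Transport-Security", "max-age=63072000; includeSubDomains; preload")],
    "short max-age": [("strict-transport-security", "max-age=300; includeSubDomains; preload")],
    "max-age only": [("Strict-Transport-Security", "max-age=31536000")],
    "odd casing": [("STRICT-TRANSPORT-SECURITY", 'Max-Age="31536000" ;INCLUDESUBDOMAINS;preload')],
    "no header": [("Content-Type", "text/html")],
}

if __name__ == "__main__":
    for label, headers in SAMPLES.items():
        status, problems = check_hsts_preload(headers)
        print(f"{label:15} {status:8} {'; '.join(problems)}")
```
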
- Security Vulnerabilities: Without HSTS, users may be vulnerable to protocol downgrade attacks and man-in-the-middle attacks.
- User Data Exposure: Unencrypted connections can expose sensitive user data.
- Compliance Issues: Many security standards require HSTS implementation.