TechQA.

Set and check STS Header is present

1.6k views Asked by At

I have (hopefully) set apache to issue an STS header for all HTTPS traffic as described in How to set HSTS header from .htaccess only on HTTPS

I was hoping to be able to verify that this was working by looking at the response header in chrome dev tools but there doesn't seem to be anything in there related to it:

enter image description here

Is there a way to check that this is functioning correctly? Any help much appreciated.

apache .htaccess ssl hsts
Original Q&A
1

There are 1 answers

1
Bruno On BEST ANSWER

You can check this is working correctly by looking for the strict-transport-security header in the response headers (in the dev tools where you have taken your screenshot).

If you try the same request you've made with the dev tools with https://accounts.google.com/, for example, you should see an entry like this:

strict-transport-security:max-age=10893354; includeSubDomains

You were already on the right track, but there's probably something wrong with the way you've configured your server.

Related Questions in APACHE

Related Questions in .HTACCESS

Related Questions in SSL

Related Questions in HSTS

Popular Questions

Popular Tags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs node.js arrays c asp.net json python-3.x ruby-on-rails .net sql-server swift django angular objective-c pandas excel

Trending Questions