I have (hopefully) set apache to issue an STS header for all HTTPS traffic as described in How to set HSTS header from .htaccess only on HTTPS
I was hoping to be able to verify that this was working by looking at the response header in chrome dev tools but there doesn't seem to be anything in there related to it:
Is there a way to check that this is functioning correctly? Any help much appreciated.
You can check this is working correctly by looking for the
strict-transport-security
header in the response headers (in the dev tools where you have taken your screenshot).If you try the same request you've made with the dev tools with
https://accounts.google.com/
, for example, you should see an entry like this:You were already on the right track, but there's probably something wrong with the way you've configured your server.