Set and check STS Header is present


I have (hopefully) set Apache to issue an STS header for all HTTPS traffic as described in "How to set HSTS header from .htaccess only on HTTPS".

I was hoping to be able to verify that this was working by looking at the response header in Chrome dev tools, but there doesn't seem to be anything in there related to it:


Is there a way to check that this is functioning correctly? Any help much appreciated.


There is 1 answer

Bruno On BEST ANSWER

You can check this is working correctly by looking for the strict-transport-security header in the response headers (in the dev tools where you have taken your screenshot).

If you try the same request you've made with the dev tools with https://accounts.google.com/, for example, you should see an entry like this:

strict-transport-security:max-age=10893354; includeSubDomains

You were already on the right track, but there's probably something wrong with the way you've configured your server.
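
As an added example (not part of the original answer), the same check done in code: this Python snippet finds the strict-transport-security header in a raw HTTP response and validates its directives as RFC 6797 describes them. The sample responses are constructed and the function names are this example's own.

```python
import re

# Constructed sample responses (not captured from any real server).
SAMPLE_OK = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html\r\n"
    "strict-transport-security:max-age=10893354; includeSubDomains\r\n"
    "\r\n"
)
SAMPLE_MISSING = "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n"

def find_sts(raw_response):
    """Return the first Strict-Transport-Security value, or None if absent."""
    head = raw_response.split("\r\n\r\n", 1)[0]
    for line in head.split("\r\n")[1:]:           # skip the status line
        name, sep, value = line.partition(":")
        # Header names are case-insensitive; only the first STS header counts.
        if sep and name.strip().lower() == "strict-transport-security":
            return value.strip()
    return None

def parse_sts(value):
    """Parse an STS value into a dict; raise ValueError if it is unusable."""
    directives = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        name, _, arg = part.partition("=")
        name = name.strip().lower()               # directive names are case-insensitive
        if name in directives:
            raise ValueError("duplicate directive: " + name)
        directives[name] = arg.strip().strip('"')  # value may be a quoted string
    if not re.fullmatch(r"[0-9]+", directives.get("max-age", "")):
        raise ValueError("max-age is missing or not a number")
    return {
        "max_age": int(directives["max-age"]),
        "include_subdomains": "includesubdomains" in directives,
    }

def check(raw_response):
    """Return the parsed policy, or None when the header is absent."""
    value = find_sts(raw_response)
    return None if value is None else parse_sts(value)

if __name__ == "__main__":
    print(check(SAMPLE_OK))
    print(check(SAMPLE_MISSING))
```

A `None` result corresponds to what the question describes: the response carries no STS header at all, which points at the server configuration rather than at the browser tools.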