HSTS Header Generator

Q: Is this HSTS Generator tool free?

Yes, this tool is completely free to use with no registration or account required.

Q: Will my site information be stored or logged?

No. The HSTS header is generated locally in your browser; no data is sent to or stored on a server.

Q: What does the HSTS header do?

The HSTS header instructs browsers to only connect to your site using HTTPS, preventing insecure HTTP connections.

Q: Can I customize the max-age duration for the policy?

Yes, the tool allows you to specify the max-age value to define how long browsers should enforce the HTTPS policy.

Q: Does the generated header include the preload directive?

Yes, the tool provides an option to include the 'preload' directive for submission to browser preload lists.

Presets

Basic

max-age=31536000; includeSubDomains

Strict

max-age=31536000; includeSubDomains; preload

Development

max-age=300

Testing

max-age=86400

Configuration

max-age

Time in seconds that the browser should remember to only use HTTPS

includeSubDomains

Apply this rule to all subdomains

preload

Include in browser preload lists

Security Level

High

Your HSTS configuration provides strong security

Generated Header

Strict-Transport-Security: max-age=31536000; includeSubDomains

Server Configuration

Implementation Steps

Ensure your site has a valid SSL/TLS certificate
Test your site with HTTPS to ensure all resources load correctly
Add the HSTS header to your server configuration
Restart your web server to apply changes
Test the header using browser developer tools or online tools
Consider submitting your site to the HSTS preload list if using preload

Testing Tools

Browser Developer Tools

Check the Response Headers in the Network tab

curl Command

curl -I https://yoursite.com

Online Tools

securityheaders.com, ssllabs.com, hstspreload.org

Common Issues

Certificate Errors

Browsers will ignore HSTS if the certificate is invalid

Mixed Content

HTTP resources on HTTPS pages will cause security warnings

Too Long max-age

Start with a shorter max-age during testing

How to use HSTS (HTTP Strict Transport Security) Generator

Enter your desired max-age value for how long the policy should be cached.

Select any additional directives you want to include, like preload or includeSubDomains.

Click the 'Generate' button to create your HSTS header.

Copy the generated header and implement it in your web server configuration.

Why Generate a Secure HSTS Header?

Implementing a correctly configured HSTS (HTTP Strict Transport Security) header is a critical security best practice that instructs browsers to only connect to your site over HTTPS, preventing protocol downgrade and man-in-the-middle attacks. This ensures long-term security for your users' data and helps build trust.

HSTS Header Generator

Presets

Configuration

Security Level

Generated Header

Server Configuration

Implementation Steps

Testing Tools

Common Issues

How to use HSTS (HTTP Strict Transport Security) Generator

Features

Who Is This Tool For?

Why Generate a Secure HSTS Header?

Frequently Asked Questions

Is this HSTS Generator tool free?

Will my site information be stored or logged?

What does the HSTS header do?

Can I customize the max-age duration for the policy?

Does the generated header include the preload directive?

Related Tools