Skip to content

HTTP Strict Transport Security (HSTS)

Test Case for Strict Transport Security (HSTS) headers

Given

  • HTTP GET or HEAD request on any URL over https.

Expected

  • Expected Status Code: not important
  • The Header field Strict-Transport-Security is expected to contain 'max-age=' and 'includeSubDomains'

More information