VOOZH about

URL: https://apify.com/scrappy_garden/hsts-header-checker

โ‡ฑ HSTS Header Checker - Strict-Transport-Security audit ยท Apify

๐Ÿ‘ HSTS Header Checker - Strict-Transport-Security audit avatar

HSTS Header Checker - Strict-Transport-Security audit

Pricing

$4.99/month + usage

Go to Apify Store

HSTS Header Checker - Strict-Transport-Security audit

Fetches URLs and validates the Strict-Transport-Security (HSTS) response header. Parses directives (max-age/includeSubDomains/preload), flags missing/invalid configuration, and checks common best practices. Outputs per-URL results plus SUMMARY and REPORT.

Pricing

$4.99/month + usage

Rating

0.0

(0)

Developer

๐Ÿ‘ Bikram Adhikari

Bikram Adhikari

Maintained by Community

Actor stats

0

Bookmarked

2

Total users

1

Monthly active users

5 months ago

Last modified

Categories

Share

HSTS Header Checker

Checks the Strict-Transport-Security (HSTS) response header for a list of URLs.

It flags common problems such as:

  • Missing HSTS on HTTPS responses
  • Invalid header syntax (missing/invalid max-age)
  • max-age too low (configurable)
  • max-age=0 (disables HSTS)
  • preload present but preload requirements not met

Input

  • startUrls (required): URLs to check (Request List Sources format)
  • requestStrategy: HEAD_THEN_GET (default), HEAD_ONLY, GET_ONLY
  • followRedirects, maxRedirects
  • minMaxAgeSeconds: warn if max-age is below this value
  • requireIncludeSubDomains, requirePreload

Output

Dataset (per-URL)

Each item includes (among others):

  • startUrl, finalUrl, statusCode, usedMethod, timingMs
  • strictTransportSecurityRaw, maxAge, includeSubDomains, preload
  • score, ok, warningCount, errorCount, issues

Key-value store

  • SUMMARY (JSON)
  • REPORT (JSON)

Example input

{
"startUrls":[
{"url":"https://example.com"},
{"url":"http://example.com"}
],
"maxUrls":2,
"timeoutSecs":20,
"requestStrategy":"HEAD_THEN_GET",
"followRedirects":true,
"maxRedirects":10,
"minMaxAgeSeconds":15552000,
"requireIncludeSubDomains":false,
"requirePreload":false,
"maxConcurrency":5,
"proxyConfiguration":{"useApifyProxy":false}
}

Quick start

Store page: https://apify.com/scrappy_garden/hsts-header-checker

Paste this into Input and click Run:

{
"startUrls":[
{
"url":"https://example.com/"
}
],
"proxyConfiguration":{
"useApifyProxy":false
}
}

Outputs (what you get)

  • Dataset: Dataset items typically include fields like: startUrl, finalUrl, statusCode, strictTransportSecurityRaw, maxAge, includeSubDomains, preload, score, ok, warningCount.
  • Key-value store: REPORT, SUMMARY

Tips (trust + predictable results)

  • Start with 1โ€“3 URLs to validate behavior, then scale up.
  • If a target blocks requests, enable Proxy and/or slow down concurrency in Input.
  • Use the SUMMARY / REPORT keys (when present) for automation pipelines and monitoring.

Related actors

Search keywords

hsts header checker, hsts header checker - strict-transport-security audit, website audit, seo, http headers

You might also like

Http Header Inspector

zerobreak/http-header-inspector

HTTP header inspector that pulls response headers from any URL, scores them for security gaps, and flags missing CSP, HSTS, and X-Frame-Options, so teams can audit caching, redirects, and server config without running curl.

๐Ÿ›ก๏ธ Security Headers Checker

taroyamada/security-headers-checker

Audit HTTP security headers in bulk across hundreds of websites. Extract OWASP compliance grades and detect missing HSTS or CSP directives instantly.

Security Headers Checker

pillowy_travel/security-headers-checker

Analyze HTTP security headers of websites and generate a security score. Detect missing headers like CSP, HSTS, X-Frame-Options, and more. Perfect for web security audits, vulnerability checks, learning, and automated monitoring.

Related articles

How to send HTTP headers with cURL
Read more