HSTS Tester
Check a site's HTTP Strict Transport Security header — its max-age, includeSubDomains and preload flags, preload readiness, and whether HTTP redirects to HTTPS. Checked from Uptimeify's EU servers.
End the manual growth tax.
Running checks by hand eats valuable agency time. Uptimeify monitors your entire client portfolio from one place — on a fair, organization-wide quota model, on secure EU infrastructure. No per-client fees, no surprises.
Frequently asked questions about HSTS Tester
HTTP Strict Transport Security is a response header that tells browsers to only ever connect to your site over HTTPS for a set time (max-age). It stops downgrade and cookie-hijacking attacks. includeSubDomains extends it to every subdomain, and preload lets you submit the domain to a list browsers ship with, so even the very first visit is forced to HTTPS — which requires max-age of at least one year plus includeSubDomains and preload.
The request runs on Uptimeify's EU servers, and the domain you enter is used only for the test and is not stored. The fetcher only allows http and https and refuses to connect to private or internal addresses. As an EU-built, EU-hosted provider, we keep this off US infrastructure and clear of US Cloud Act exposure, which matters for agencies handling client data under GDPR.
HSTS and a working HTTPS redirect are easy to lose during a deploy or certificate change. Verify them here, then let Uptimeify watch the site and its certificate continuously and alert you the moment HTTPS, the redirect or the certificate breaks.
Uptimeify for Agencies
A fair quota model instead of unfair per-client fees — monitor every client from one dashboard.
Explore featuresFree Agency Success Kit
Get exclusive SLA contract templates and white-label pitch decks to win and keep more clients.
Get the kitInteractive Profit Calculator
See the untapped margin hiding in your operations — calculate your agency's monitoring profit potential.
Open the calculator