Free tools

HSTS Header Generator

HSTS header generator. Build a Strict-Transport-Security header with max-age, includeSubDomains, and preload — then copy/paste.

Strict-Transport-Security
Seconds. Example: 1 year = 31536000.
Options
Only enable preload if you meet preload requirements and understand the impact.
Header output

HSTS header generator

HSTS (HTTP Strict Transport Security) tells browsers to use HTTPS for your domain for a period of time. Use this tool to generate a valid Strict-Transport-Security header line you can paste into your server or CDN config.

Recommended rollout

  • Start with a short max-age (e.g. 1 day) to test safely
  • Increase to longer durations once HTTPS is correct everywhere
  • Only enable preload if you understand the impact and meet the preload requirements

What the options do

  • includeSubDomains: applies HSTS to all subdomains
  • preload: signals intent to be included in browser preload lists

Frequently Asked Questions

What is HSTS?
HSTS (HTTP Strict Transport Security) is a security header that tells browsers to always use HTTPS for your domain. Once a browser sees the HSTS header, it will automatically upgrade all HTTP requests to HTTPS, preventing downgrade attacks and man-in-the-middle attacks.
What is max-age and what value should I use?
max-age specifies how long (in seconds) browsers should remember to enforce HTTPS. Common values: 31536000 (1 year, recommended for production), 63072000 (2 years, for preload list). Start with a short duration (1 day) to test, then increase gradually.
Should I include includeSubDomains?
Include includeSubDomains if all your subdomains support HTTPS. This extends HSTS protection to subdomains like www.example.com and blog.example.com. Only use this if you're certain all subdomains work with HTTPS, or browsers may fail to load insecure subdomains.
What is the preload directive?
The preload directive opts your domain into browser HSTS preload lists (Chrome, Firefox, Edge, Safari). Once preloaded, browsers know your site requires HTTPS even before the first visit. Submit your site at hstspreload.org after verifying HSTS works correctly. This is irreversible, so test thoroughly first.
Where do I add the HSTS header?
Add the Strict-Transport-Security header to all HTTPS responses at the web server or application level. In Apache, use mod_headers. In Nginx, use the add_header directive. In Express.js, use helmet middleware. The header is ignored on HTTP responses for security.

Related tools

CIDR Subnet CalculatorCORS Header CheckerHTTP Status Code LookupMIME Type LookupURL ParserUser Agent Parser

Super tools

Welcome to Super Tools! We're here to provide you with a collection of easy-to-use tools and utilities to help make your day-to-day tasks a little bit easier.

About Super Tools

Whether you need to quickly count the number of characters in a block of text, convert measurements from pixels to inches, or generate a catchy business name, you'll find what you need right here.

Our goal is to create a one-stop-shop for all your basic productivity needs. We've carefully curated a set of practical, user-friendly tools that are accessible to everyone. No complicated setups or confusing interfaces - just simple solutions to common problems.

Feel free to explore our growing suite of free tools and let us know if there's anything else we can do to help streamline your workflow. We're always happy to hear your feedback and suggestions.

Is Super Tools free?

Our suite of productivity tools is 100% free for anyone to use. We believe everyone should have access to helpful utilities that can save time and make life easier. Whether you're a student, freelancer, small business owner, or just someone looking to simplify certain tasks, you can take advantage of our free character counters, unit converters, name generators, and more without paying a dime. Our commitment to providing valuable, cost-free resources is central to our mission. You'll never encounter paywalls, subscriptions, or hidden fees on our site - just high-quality tools that you can use at no charge. Explore our growing collection of free online utilities today and discover how they can streamline your workflows and boost your productivity.

Looking for More Tools?

Discover curated tools at ToolForThis.com

Visit ToolForThis.com