Keine Werbung mögen? Gehen Werbefrei Heute 

HSTS Preload Header Generator

EntwicklerNetzwerkSicherheit

ANZEIGE Entfernen?

EINGANG

Automatischer Prozess

AUSGABE

Client-Seite

Strict-Transport-Security header:

Preload Eligibility

Server Config Snippets

ANZEIGE Entfernen?

Führung

HSTS Preload Header Generator

Build a correct Strict-Transport-Security header in seconds. Toggle max-age, includeSubDomainsund preload, then copy a ready-to-paste header value and matching server config. A live eligibility checklist tells you whether your header meets the rules for the browser preload list at hstspreload.org.

Nutzung

Wählen Sie einen max-age duration, or choose Custom to enter your own value in seconds.
Aktivieren includeSubDomains if every subdomain is served over HTTPS.
Aktivieren preload if you intend to submit the domain to the browser preload list.
Copy the generated header, or grab a snippet for Nginx, Apache, Caddy, Express.js, or IIS.
Check the eligibility panel before submitting at hstspreload.org.

Funktionen

Instant header generation – Updates as you toggle directives, no button to press.
Preload eligibility checklist – Validates the 1-year minimum max-age plus includeSubDomains and preload directives.
max-age presets – 1 year, 2 years, 6 months, and a testing value, plus a custom field.
Server config snippets – Nginx, Apache, Caddy, Express.js, and IIS, kept in sync with your directives.
Kopieer knoppen – One-click copy for both the header value and each server snippet.
Built-in explainer – Plain-language notes on how HSTS and preloading protect users.

 Häufig gestellte Fragen

What is the difference between HSTS and HTTPS?

HTTPS encrypts the connection between a browser and a server, but a browser can still attempt an initial plain HTTP request before being redirected. HSTS is a response header that instructs the browser to never use HTTP for that host again for a set duration, removing the downgrade window that HTTPS alone leaves open.
Why does the HSTS preload list require a minimum max-age of one year?

The preload list hard-codes HTTPS-only enforcement into the browser, so it is meant for sites committed to HTTPS long term. A one-year (31536000 second) minimum demonstrates that commitment and prevents domains from being added casually and then reverting, which would leave users stranded on a host that can no longer serve HTTPS.
What does the includeSubDomains directive actually affect?

It extends the HTTPS-only policy from the exact host that sent the header to every subdomain beneath it. If set on example.com, browsers will also refuse plain HTTP to api.example.com and blog.example.com. It is required for preload submission, so every subdomain must be reachable over HTTPS before enabling it.

Möchten Sie werbefrei genießen? Werde noch heute werbefrei



 Erweiterungen installieren

IO-Tools zu Ihrem Lieblingsbrowser hinzufügen für sofortigen Zugriff und schnellere Suche

恵 Die Anzeigetafel ist eingetroffen!

Anzeigetafel ist eine unterhaltsame Möglichkeit, Ihre Spiele zu verfolgen. Alle Daten werden in Ihrem Browser gespeichert. Weitere Funktionen folgen in Kürze!

ANZEIGE Entfernen?