HTTP Strict Transport Security (HSTS)

Test Case for Strict Transport Security (HSTS) headers

Given

HTTP GET or HEAD request on any URL over https.

Expected

• Expected Status Code: not important
• The Header field Strict-Transport-Security is expected to contain ‘max-age=’ and ‘includeSubDomains’

More information

See also:

• HTTP Strict Transport Security (HSTS) (RFC 6797)