What is HSTS Preloading?
It is a list built into browsers that tells them to use HTTPS for your domain before the first time a user even visits your site.
Generate HTTP Strict Transport Security (HSTS) headers • Configure secure-only connections and preload eligibility
Copy this policy and add it to your server's Content-Security-Policy header or a <meta> tag to protect your site against XSS and data injection attacks.
Generate perfectly formatted HSTS (HTTP Strict Transport Security) headers. Protect your users from protocol downgrade attacks and get your domain ready for the HSTS Preload list.
WebToolkit Pro is engineered for zero-trust environments. This utility processes your sensitive data entirely within your browser using Web Workers.
Users select the security duration and subdomain policies; the tool then generates the header string and server-specific configuration code.
module.exports = {
async headers() {
return [
{
source: '/(.*)',
headers: [
{ key: 'Strict-Transport-Security', value: 'max-age=63072000; includeSubDomains; preload' }
]
}
]
}
}It is a list built into browsers that tells them to use HTTPS for your domain before the first time a user even visits your site.
Yes, if you enable HSTS and then lose your SSL certificate, users will be unable to access your site until the max-age expires. Start with a short duration first.
Looking for more professional developer utilities?
Explore All WebToolkit Pro ToolsThis utility is engineered and maintained under strict editorial and technical standards. All source calculations are audited against official formatting standards and RFC specifications to guarantee mathematical and logic accuracy.
Security Guarantee: To guarantee absolute user privacy, this tool executes 100% client-side inside your web browser. None of your input strings, payloads, keys, or files are ever transmitted to a server or stored externally.
Built by Abu Sufyan • Also explore: Severance Calculator & TradeConvert
Expert guides and technical research related to this tool.
Free, client-side utilities related to this topic.
Generate high-security Subresource Integrity (SRI) hashes for your scripts and stylesheets. Ensure that assets loaded from a CDN haven't been tampered with or modified by a third party.
Build perfectly formatted Content Security Policies (CSP) to protect your website from XSS, clickjacking, and data injection. A professional visual builder for complex security headers.
Generate perfectly formatted Permissions-Policy headers (formerly Feature-Policy). Control which browser features (Camera, Microphone, Geolocation) can be used by your site and embedded iframes.
Generate Subresource Integrity (SRI) hashes
Generate complex Content Security Policy (CSP) headers
Generate Browser Permissions Policy headers
Verify and audit SSL/TLS certificates