Verify HTTP Strict Transport Security (HSTS) header with curl command

Fig.01: Verify HTTP Strict Transport Security (HSTS) header with curl command

Fig.01: Verify HTTP Strict Transport Security (HSTS) header with curl command

You can verify HTTP Strict Transport Security (HSTS) header with curl command as follows. The syntax is:
$ curl -I https://your-example-domain-name.com/
$ curl -I https://bash.cyberciti.biz/

Sample outputs:

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 17 Nov 2016 10:32:00 GMT
Content-Type: text/html;charset=utf-8
Connection: keep-alive
Vary: Accept-Encoding
Cache-Control: public,max-age=900,s-maxage=900,must-revalidate
Expires: Thu, 17 Nov 2016 10:41:37 GMT
ETag: 417d1544057b5b6c2bbdd419fdbaaa8f
Last-Modified: Mon, 05 Sep 2016 07:49:45 GMT
Front-End-Https: on
Strict-Transport-Security: max-age=15768000; includeSubDomains
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Xss-Protection: 1

Please note down the HSTS “Strict-Transport-Security: max-age=15768000; includeSubDomains” line.

Examples and usage: How to setup HTTP Strict Transport Security With Lighttpd Web Server