Home/Builders/Is this built with HSTS?
HSTS logo
Security

Is This Website Built With HSTS?

Paste any URL below. Our scanner checks 1 HSTS-specific fingerprints — scripts, CDN domains, HTML attributes, and HTTP headers — and returns a confidence score instantly.

How to Tell if a Website Uses HSTS

Identifying whether a website was built with HSTS used to require technical expertise — inspecting source code, tracing network requests in DevTools, and knowing which patterns to look for. Our free scanner automates all of that: it fetches the page, analyzes 1 HSTS-specific signals, and returns a verdict with a confidence score.

You might want to detect HSTS for competitive research, due diligence before acquiring a site, or simple curiosity. Whatever the reason, this page covers every method — automated and manual.

What is HSTS?

HSTS is a Security used to build websites and web applications.

It is primarily used for business websites, portfolios, landing pages, and personal sites without coding knowledge.

Visit HSTS official website

Signs a Website Is Built With HSTS

Our detection engine checks 1 unique HSTS fingerprints. Here are the most reliable signals:

High Confidence

HTTP Response Headers

HSTS-hosted sites respond with specific HTTP headers that identify the platform or infrastructure. These are visible in DevTools → Network tab.

strict-transport-security

How to Manually Detect HSTS Websites

Method 1 — View Page Source

  1. Open the website in your browser
  2. Press Ctrl+U (Windows) or Cmd+Option+U (Mac)
  3. Search (Ctrl+F) for hsts or hsts
  4. If found in script src, class names, or meta tags — it's likely HSTS

Method 2 — Browser DevTools Network Tab

  1. Press F12 to open DevTools
  2. Click the Network tab and reload the page
  3. Filter by hsts in the search box
  4. If you see requests to HSTS-specific domains, it's confirmed
Faster: Skip the manual steps — paste the URL into our scanner above and we check all 1 signals in seconds.

How Our HSTS Detector Works

When you submit a URL, our engine fetches the page from its server — just like a browser would — then analyzes the response across 1 HSTS-specific fingerprints:

Script analysis

We scan all loaded JavaScript files for known CDN paths and runtime names

CDN domain matching

We cross-reference every asset request against known platform CDNs

HTML pattern scanning

We search the DOM for platform-specific class names and data attributes

Header inspection

We read HTTP response headers that identify the server or platform

Meta tag extraction

We check generator and other meta tags in the document head

Confidence scoring

We weight each matched signal and normalize to a 0–99% score

How to Build a Similar Website With HSTS

Sign up at https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security, pick a template, customize it with the drag-and-drop editor, add your content, and publish. Most website builders offer free plans to get started.

Other popular website builders include Wix, Squarespace, Webflow, Carrd, and Showit.

Get started with HSTS

Frequently Asked Questions

How can I tell if a website was built with HSTS?

The most reliable ways to detect HSTS are: (1) open DevTools → Network tab and look for requests to HSTS-specific CDN domains, (2) view page source and search for HSTS-specific class names or data attributes, (3) use our free scanner — we check 1 detection signals automatically and return a confidence score.

Is your HSTS detector free?

Yes, completely free. Paste any URL into our scanner and we'll analyze it for HSTS fingerprints immediately. No account required, no limits on scans.

How accurate is the HSTS detection?

We check 1 unique HSTS fingerprint signals across HTML, JavaScript, CDN domains, meta tags, and HTTP headers. Our confidence score reflects how many signals matched — a score above 70% is a strong indicator. We cap accuracy at 99% to reflect that all fingerprint-based detection is probabilistic.

Can HSTS sites be detected if they use a custom domain?

Yes. Custom domains don't hide the underlying platform. The JavaScript files, CDN requests, HTML attributes, and server headers all remain identifiable regardless of the domain name used. Our scanner fetches the page directly and analyzes its technical composition.

What should I do after detecting a HSTS website?

If you want to build something similar, visit https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security to learn more or sign up. If you're doing competitive research, our scan result also shows the full technology stack — including hosting platform, domain age, and other detected technologies. You can share the result link with your team.