how can I use Wireshark to see if a particular web site, web app is using HSTS?
asked 17 Feb, 05:35
IF you can decrypt the HTTP exchange between server and client, you can check to see if the HSTS header is present in the HTTP response from the server. IF NOT then you can't.
answered 17 Feb, 08:15
As Jaap said: If you can decrypt the traffic you will be able to see the HSTS header.
If not you can use the Web Developer tools in your browser (available in/for Chrome, Safari, Firefox, Internet Explorer) or you can configure a proxy like Fiddler to see the headers.
answered 17 Feb, 11:22