Skip to content
This repository has been archived by the owner on May 9, 2022. It is now read-only.


Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?

Latest commit


Git stats


Failed to load latest commit information.
Latest commit message
Commit time

HSTS Preload Readiness Checker

Prior to submitting a domain to the HSTS preload list you'll want to make sure that all of the subdomains of a given domain are all available on HTTPS.

This project helps you do that. It takes either a BIND master file as input or fetches a zone from Route53. It then attempts to connect to each host on both HTTP and HTTPS and then outputs the results in an easy to action format (or CSV if you prefer).

How to run

You'll need to have a 1.8 JVM and SBT. If you are on OSX then simply brew install sbt should do the job.

Once installed you can run the SBT build tool using sbt in the root of the repository. Once you have an sbt prompt you can run it using run. Usage information will be displayed with no arguments.

Some examples:

  • run -b -o csv = write out a CSV report for the zone stored in the specified BIND file
  • run -z -r eu-west-1 -v = write out a verbose report for a zone in Route53 that includes results that are successful on HTTPS with a suitable HSTS header and also results where no connection could be made on HTTP or HTTPS


This only checks services that are found on standard HTTP and HTTPS ports. Hosts that provide HTTP services on non-standard ports will not be discovered.


Scala script that analyses a domain for HSTS preload readiness


Code of conduct





No releases published


No packages published