HTTP Strict Transport Security Preload List (Ruby)
Branch: master
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Type Name Latest commit message Commit time
Failed to load latest commit information.


This gem packages Chromium's HSTS (RFC 6797) preload list, which is a list of domains hardcoded into many browsers as being HTTPS-only. This gem also provides methods for determining whether a given domain, or subdomains of a given domain, are covered by any preloaded HSTS policies.

SimpleIDN is used for implementing Punycode IDNA (RFC 3492) support. Domain names are normalized before lookups. Because the HSTS preload list is included with the gem, no network requests are made at runtime.


First, add the gem to your project's Gemfile:

gem 'hsts_preload'

Then, run bundle to install the dependencies.


First, require the gem:

require 'hsts_preload'

Check whether a domain is HTTPS-only. This also checks whether any parent domains use includeSubDomains to force their subdomains to be HTTPS-only:

HSTSPreload.force_https? 'app'          # => true
HSTSPreload.force_https? 'φ' # => true
HSTSPreload.force_https? 'example.test' # => false

Check whether a domain and all of its subdomains are HTTPS-only. This checks whether the domain or any of its parent domains are preloaded with an HSTS policy that uses includeSubDomains:

HSTSPreload.force_https_subdomains? 'app'           # => true
HSTSPreload.force_https_subdomains? '' # => true
HSTSPreload.force_https_subdomains? ''     # => false


After checking out the repository, run bundle to install the dependencies.

Use rake test to run the test suite, and bundle console for an interactive console.

To install this gem onto your local machine, run bundle exec rake install. To release a new version, update the version number in version.rb, and then run bundle exec rake release, which will create a git tag for the version, push git commits and tags, and push the .gem file to RubyGems.


Bug reports and pull requests are welcome on GitHub.