diff --git a/admin_manual/configuration_server/security_setup_warnings.rst b/admin_manual/configuration_server/security_setup_warnings.rst
index d0d95e7f6..66ae66a21 100644
--- a/admin_manual/configuration_server/security_setup_warnings.rst
+++ b/admin_manual/configuration_server/security_setup_warnings.rst
@@ -77,6 +77,9 @@ For enhanced security we recommend enabling HSTS as described in our security ti
 The HSTS header needs to be configured within your Web server by following the
 :ref:`enable-hsts-label` documentation
 
+You can see if the header is appearing in requests by using your browser inspector
+or using a tool such as cURL: ``curl --head https://cloud.domain.tld``.
+
 /dev/urandom is not readable by PHP
 -----------------------------------