Bug 1342178 - Combine test_network_security-{hsts/hpkp}.html. r=keeler,honza draft
authorJonathan Hao <jhao@mozilla.com>
Tue, 11 Apr 2017 10:14:08 +0800
changeset 560051 023755a77722359a7ed6e9e46220988047a5dcdb
parent 560035 b5b5dbed1c409d96aa6b97f2036cd66312fc45ad
child 560052 42b57d7238ec116dca9fbcc51dd3a6cd13295e6c
push id53309
push userbmo:jhao@mozilla.com
push dateTue, 11 Apr 2017 02:35:23 +0000
reviewerskeeler, honza
bugs1342178
milestone55.0a1
Bug 1342178 - Combine test_network_security-{hsts/hpkp}.html. r=keeler,honza MozReview-Commit-ID: 3xXdOa1j7hm
devtools/shared/webconsole/test/test_network_security-hpkp.html
--- a/devtools/shared/webconsole/test/test_network_security-hpkp.html
+++ b/devtools/shared/webconsole/test/test_network_security-hpkp.html
@@ -17,29 +17,51 @@
 SimpleTest.waitForExplicitFinish();
 
 let gCurrentTestCase = -1;
 const HPKP_PREF = "security.cert_pinning.process_headers_from_non_builtin_roots";
 
 // Static pins tested by unit/test_security-info-static-hpkp.js.
 const TEST_CASES = [
   {
-    desc: "no Public Key Pinning",
+    desc: "no HSTS or HPKP",
     url: "https://example.com",
+    usesHSTS: false,
+    usesPinning: false,
+  },
+  {
+    desc: "HSTS from this response, no Public Key Pinning",
+    url: "https://example.com/" +
+         "browser/browser/base/content/test/general/browser_star_hsts.sjs",
+    usesHSTS: true,
     usesPinning: false,
   },
   {
-    desc: "dynamic Public Key Pinning with this request",
+    desc: "stored HSTS from previous response, no Public Key Pinning",
+    url: "https://example.com/",
+    usesHSTS: true,
+    usesPinning: false,
+  },
+  {
+    desc: "no Public Key Pinning or HSTS",
+    url: "https://include-subdomains.pinning-dynamic.example.com/",
+    usesHSTS: false,
+    usesPinning: false,
+  },
+  {
+    desc: "dynamic Public Key Pinning with this request, no HSTS",
     url: "https://include-subdomains.pinning-dynamic.example.com/" +
          "browser/browser/base/content/test/general/pinning_headers.sjs",
+    usesHSTS: false,
     usesPinning: true,
   },
   {
-    desc: "dynamic Public Key Pinning with previous request",
+    desc: "dynamic Public Key Pinning with previous request, no HSTS",
     url: "https://include-subdomains.pinning-dynamic.example.com/",
+    usesHSTS: false,
     usesPinning: true,
   }
 ];
 
 function startTest() {
   // Need to enable this pref or pinning headers are rejected due test
   // certificate.
   Services.prefs.setBoolPref(HPKP_PREF, true);
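Review bot: The new TEST_CASES entries are order-dependent and rely on a property of the HSTS fixture that the table does not state. The "stored HSTS from previous response" case passes only because the browser_star_hsts.sjs case runs directly before it, and the three pinning-dynamic cases expect `usesHSTS: false` on a host that is a subdomain of example.com. That expectation holds only if the header served by browser_star_hsts.sjs does not carry includeSubDomains, which is not visible in this hunk. A comment above the array would keep a later reorder or fixture change from silently invalidating these expectations, e.g. `// Order matters: "stored"/"previous" cases rely on state set by the case before them; the HSTS fixture must not send includeSubDomains.`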
@@ -49,21 +71,23 @@ function startTest() {
     // Reset pinning state.
     let gSSService = Cc["@mozilla.org/ssservice;1"]
                        .getService(Ci.nsISiteSecurityService);
 
     let gIOService = Cc["@mozilla.org/network/io-service;1"]
                        .getService(Ci.nsIIOService);
     for (let {url} of TEST_CASES) {
       let uri = gIOService.newURI(url);
+      gSSService.removeState(Ci.nsISiteSecurityService.HEADER_HSTS, uri, 0);
       gSSService.removeState(Ci.nsISiteSecurityService.HEADER_HPKP, uri, 0);
     }
   });
 
-  info("Test detection of Public Key Pinning.");
+  info("Test detection of HTTP Strict Transport Security" +
+       " and Public Key Pinning.");
   removeEventListener("load", startTest);
   attachConsoleToTab(["NetworkActivity"], onAttach);
 }
 
 function onAttach(state, response) {
   onNetworkEventUpdate = onNetworkEventUpdate.bind(null, state);
   state.dbgClient.addListener("networkEventUpdate", onNetworkEventUpdate);
 
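Review bot: The comment `// Reset pinning state.` above the loop is now out of date, because the loop also removes HSTS state; it should read `// Reset HSTS and pinning state.`. The enclosing callback starts outside the hunk, so when it runs cannot be confirmed from here. If it runs only at cleanup, the first case ("no HSTS or HPKP" on https://example.com) still assumes that no earlier test in the same profile left HSTS state for that host, and a matching reset before the first request would make the test independent of run order.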
@@ -83,16 +107,18 @@ function runNextCase(state) {
 
   let iframe = document.querySelector("iframe").contentWindow;
   iframe.wrappedJSObject.makeXhrCallback("GET", url);
 }
 
 function onNetworkEventUpdate(state, type, packet) {
   function onSecurityInfo(received) {
     let data = TEST_CASES[gCurrentTestCase];
+    is(received.securityInfo.hsts, data.usesHSTS,
+      "Strict Transport Security detected correctly.");
     is(received.securityInfo.hpkp, data.usesPinning,
       "Public Key Pinning detected correctly.");
 
     runNextCase(state);
   }
 
   if (packet.updateType === "securityInfo") {
     state.client.getSecurityInfo(packet.from, onSecurityInfo);
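Review bot: The two `is()` messages in onSecurityInfo are the same for all six cases, so a failure does not say which URL or scenario reported the wrong `hsts` or `hpkp` value. Appending the case description would make a regression attributable at a glance: `"Strict Transport Security detected correctly for: " + data.desc`, and likewise for the pinning assertion. onNetworkEventUpdate continues outside the hunk, and runNextCase may already log the description, in which case this is only a convenience.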