HTTPS Readiness test

Check here if your site complies with the HTTPS best practices

Domain analysis: www.reddit.com

  • IP address: 151.101.61.140
  • Always redirect to same domain https://www.reddit.com (BEST PRACTICE!)
Certificate details

  • This wildcard SSL Certificate was created for *.reddit.com and is also valid for www.reddit.com
  • Certificate issued by DigiCert Inc, of type DigiCert SHA2 Secure Server CA
  • Certificate start date: 2015-08-17 00:00:00 GMT
  • Certificate expiration: 2018-08-21 12:00:00 GMT (in 334 days)
  • Certificate validity period: 3 year(s) => commercial (paid) certificate
  • Encryption algorithm: TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256
  • SSL Labs: get more detailed HTTPS report
  • Mozilla Observatory: get more detailed HTTPS report
HTTPS Headers

  • Missing HTTP header content-security-policy - create at least a minimal one
  • HTTP header x-xss-protection is OK - cross-site scripting protection
  • HTTP header x-frame-options is OK - iframe clickjacking protection
  • HTTP header strict-transport-security (HSTS) is OK (6 months valid)
Content details

  • No mixed content: no http files used in the https page
How to get https for your site

  • Let’s Encrypt is a free, automated, and open Certificate Authority.
    Example: cloudfleet.io, scotthelme.co.uk
  • Cloudflare One-Click SSL (also on the Free Plan)
    Example: toolstud.io
  • Paid certificates: Verisign, GeoTrust, Comodo, DigiCert, Thawte, Globalsign
    Example: www.amazon.com, www.mozilla.org, twitter.com