HTTPS Readiness test

Input

Check here if your site complies with the HTTPS best practices

Domain analysis: apple.be

  • Redirect to insecure URL on other server www.apple.com - check that server!
  • IP address: 17.253.142.4
  • Certificate details

  • Certificate validity period: 1 year(s) > 1 year -- will be refixed by Apple Safari browsers
  • This SSL Certificate was created for 12diasdepresentesdeitunes.com but is also valid for apple.be
  • Certificate issued by Apple Inc., of type Apple Public Server RSA CA 12 - G1
  • Certificate start date: Nov 11 19:51:10 2020 GMT
  • Certificate expiration: Dec 11 19:51:10 2021 GMT (in 382 days)
  • Encryption algorithm: TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
  • More certificate details?
  • SSL Labs: get more detailed HTTPS report
  • Mozilla Observatory: get more detailed HTTPS report
  • HTTPS Headers

  • Missing HTTP header x-xss-protection - should be 1; mode=block
  • Missing HTTP header x-frame-options - should be SAMEORIGIN
  • Missing HTTP header content-security-policy - create at least a minimal one
  • Missing HTTP header strict-transport-security (HSTS)
  • For a GDPR-focused review of your domain, use Churlie GDPR Checkup
  • Content details

  • No mixed content: no http files used in the https page
  • How to get https for your site

  • Let’s Encrypt is a free, automated, and open Certificate Authority.
    Example: cloudfleet.io, scotthelme.co.uk
  • Cloudflare One-Click SSL (also on the Free Plan)
    Example: toolstud.io
  • Paid certificates: Verisign, GeoTrust, Comodo, DigiCert, Thawte, Globalsign
    Example: www.amazon.com, www.mozilla.org, twitter.com
  • References