HTTPS Readiness test

Input

Check here if your site complies with the HTTPS best practices

Domain analysis: firefox.com

  • Always redirect to same domain https://firefox.com (BEST PRACTICE!)
  • IP addresses: 44.236.72.93, 44.236.48.31, 44.235.246.155
  • Certificate details

  • This SSL Certificate was created especially for firefox.com
  • Certificate issued by Let's Encrypt, of type Let's Encrypt Authority X3 (auto renewal)
  • Certificate start date: Oct 13 00:09:02 2020 GMT
  • Certificate expiration: Jan 11 00:09:02 2021 GMT (in 46 days)
  • Certificate validity period: 90 days (probably automated renewal)
  • Encryption algorithm: TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256
  • More certificate details?
  • SSL Labs: get more detailed HTTPS report
  • Mozilla Observatory: get more detailed HTTPS report
  • HTTPS Headers


    Warning: A non-numeric value encountered in /srv/data/web/vhosts/toolstud.io/htdocs/network/https.php on line 324
  • Missing HTTP header x-xss-protection - should be 1; mode=block
  • HTTP header content-security-policy is wrong - not a valid format - please check
    frame-ancestors 'none'
  • HTTP header x-frame-options is OK - iframe clickjacking protection
  • HTTP header strict-transport-security (HSTS) is set but too short (only 0 months valid - should be at least 6)
  • For a GDPR-focused review of your domain, use Churlie GDPR Checkup
  • Content details

  • No mixed content: no http files used in the https page
  • How to get https for your site

  • Let’s Encrypt is a free, automated, and open Certificate Authority.
    Example: cloudfleet.io, scotthelme.co.uk
  • Cloudflare One-Click SSL (also on the Free Plan)
    Example: toolstud.io
  • Paid certificates: Verisign, GeoTrust, Comodo, DigiCert, Thawte, Globalsign
    Example: www.amazon.com, www.mozilla.org, twitter.com
  • References