HTTPS Readiness test

Input

Check here if your site complies with the HTTPS best practices

Domain analysis: google.com

  • Redirect to insecure URL on sibling server www.google.com - check that server!
  • IP address: 142.251.36.14
  • Certificate details

  • This wildcard SSL Certificate was created for *.google.com and is also valid for google.com
  • Certificate issued by Google Trust Services LLC, of type GTS CA 1C3 (auto renewal)
  • Certificate start date: Jul 18 08:18:57 2022 GMT
  • Certificate expiration: Oct 10 08:18:56 2022 GMT (in 61 days)
  • Certificate validity period: 84 days (probably automated renewal)
  • Encryption algorithm: TLSv1.3 / TLS_AES_256_GCM_SHA384
  • More certificate details?
  • SSL Labs: get more detailed HTTPS report
  • Mozilla Observatory: get more detailed HTTPS report
  • HTTPS Headers

  • Missing HTTP header x-xss-protection - should be 1; mode=block
  • Missing HTTP header content-security-policy - create at least a minimal one
  • Missing HTTP header strict-transport-security (HSTS)
  • HTTP header x-frame-options is OK - iframe clickjacking protection
  • For a GDPR-focused review of your domain, use Churlie GDPR Checkup
  • Content details

  • No mixed content: no http files used in the https page
  • How to get https for your site

    References