Toggle navigation
TOOLSTUD.IO
Data
** All Data tools **
Bandwidth converter
Data size calculator
Cloud Storage Cost
Electrical power calculator
Bash boilerplate generator
Color
** All Color tools **
RGB color conversion
CMYK color conversion
HTML Color list
Pantone Color list
Websafe Color list
Photo
** All Photo tools **
Aspect ratio calculator
Megapixel calculator
Megapixel Aspects
DPI calculator
Composition calculator
Depth-of-Field calculator
Light calculator (EV)
Video
** All Video tools **
Frame rate converter
Video bitrate calculator
Common video bitrates
Video file size calculator
Audio file size calculator
DCP file size calculator
Music
** All Music tools **
Beats-per-minute
Tap your tempo
Web
** All Web tools **
HTML encoder
HTML char map
HTTPS readiness check
Calculator
** All Calculator tools **
Speed converter
Acceleration calculator
Distance calculator
Mortgage loan calculator
Fuel Cost calculator
Gladwell's 10000 hour-rule
About
** All About tools **
Examples of how to use the tools
History & development
Contact
Development blog
Terms & Conditions
Privacy Statement
Donations/wishlist
HTTPS Readiness test
Input
Check here if your site complies with the HTTPS best practices
Domain
Check domain!
Domain analysis: twitter.com
IP addresses:
104.244.42.193
,
104.244.42.129
Always redirect to same domain https://twitter.com (BEST PRACTICE!)
Certificate details
This SSL Certificate was created especially for
twitter.com
Certificate issued by
DigiCert Inc
, of type
DigiCert SHA2 High Assurance Server CA
Certificate start date:
2018-10-31 00:00:00 GMT
Certificate expiration:
2019-11-05 12:00:00 GMT
(in 326 days)
Certificate validity period:
1 year(s)
=> commercial (paid) certificate
Encryption algorhythm:
TLSv1.2
/ ECDHE-RSA-AES128-GCM-SHA256
More certificate details?
SSL Labs:
get more detailed HTTPS report
Mozilla Observatory:
get more detailed HTTPS report
HTTPS Headers
Missing HTTP header x-xss-protection -
should be
1; mode=block
Missing HTTP header x-frame-options -
should be
SAMEORIGIN
Missing HTTP header content-security-policy -
create at least a minimal one
HTTP header strict-transport-security (
HSTS
) is OK (243 months valid)
Content details
No mixed content: no http files used in the https page
How to get https for your site
Let’s Encrypt is a free, automated, and open Certificate Authority.
Example:
cloudfleet.io
,
scotthelme.co.uk
Cloudflare One-Click SSL
(also on the
Free Plan
)
Example:
toolstud.io
Paid certificates: Verisign, GeoTrust, Comodo, DigiCert, Thawte, Globalsign
Example:
www.amazon.com
,
www.mozilla.org
,
twitter.com
References
Google Chrome
and/or
Search
will punish your website for insecure content and practices. In short, every site should be
https://
, and should send every visitor of their
http://
site to the secure one.
Google Chrome: Our plan to label HTTP sites as non-secure is taking place in gradual steps
Data Security Action Plan, step 1: Implement strict encryption measures on all network traffic
BuiltWith: SSL by Default Usage Statistics
Analysis of the Alexa Top 1M sites: HTTPS, HSTS, CSP