About
"About" tools
Development blog
Contact
History
Privacy Statement
Terms & Conditions
How to use the tools
Bash
"Bash" tools
Bash boilerplate
Calculator
"Calculator" tools
Acceleration calculator
Distance calculator
Electric Car calculator
Exponential growth
Fuel Cost calculator
Gladwell's 10000 hours
Speed converter
Frequency Calculator
Electrical power
Wavelength Calculator
Mortgage loan calculator
Color
"Color" tools
CMYK conversion
HTML Color list
Pantone Color list
RGB conversion
Websafe Color list
Data
"Data" tools
Bandwidth convert
Download calculator
Data size calculator
Music
"Music" tools
Beats-per-minute
Audio delay
Music Frequency
Song length
Music Scale
Tap your tempo
Photo
"Photo" tools
Aspect ratio
Composition Calculator
Depth-of-Field Calculator
DPI calculator
Image filesize calculator
Light calculator (EV)
Megapixel calculator
Megapixel Aspects
Video
"Video" tools
Audio file size calculator
Common bitrates
DCP file size
Foot-Lambert Calculator
Screen size
Video bitrate
Frame rate convert
Video file size calculator
Web
"Web" tools
Content Security Policy
Redirection check
Security Policy Framework check
HTTPS config check
HTML char map
Emoji char map
HTML encoder
SEO Performance
Network
HTTPS config check
HTTPS Readiness test
Input
Check here if your site complies with the HTTPS best practices
Domain
Check domain!
Domain analysis: twitter.com
Always redirect to same domain https://twitter.com (BEST PRACTICE!)
IP addresses:
104.244.42.129
,
104.244.42.65
Certificate details
This SSL Certificate was created especially for
twitter.com
Certificate issued by
DigiCert Inc
, of type
DigiCert TLS RSA SHA256 2020 CA1
Certificate start date:
Feb 5 00:00:00 2021 GMT
Certificate expiration:
Feb 4 23:59:59 2022 GMT
(in 297 days)
Certificate validity period:
1 year(s)
=> commercial (paid) certificate
Encryption algorithm:
TLSv1.2
/ ECDHE-RSA-AES128-GCM-SHA256
More certificate details?
SSL Labs:
get more detailed HTTPS report
Mozilla Observatory:
get more detailed HTTPS report
HTTPS Headers
Missing HTTP header x-xss-protection -
should be
1; mode=block
HTTP header x-frame-options is OK -
iframe clickjacking protection
HTTP header content-security-policy is OK -
cross-scripting protection
HTTP header strict-transport-security (
HSTS
) is OK (243 months valid)
For a GDPR-focused review of your domain, use
Churlie GDPR Checkup
Content details
No mixed content: no http files used in the https page
How to get https for your site
Let’s Encrypt is a free, automated, and open Certificate Authority.
Example:
cloudfleet.io
,
scotthelme.co.uk
Cloudflare One-Click SSL
(also on the
Free Plan
)
Example:
toolstud.io
Paid certificates: Verisign, GeoTrust, Comodo, DigiCert, Thawte, Globalsign
Example:
www.amazon.com
,
www.mozilla.org
,
twitter.com
References
Google Chrome
and/or
Search
will punish your website for insecure content and practices. In short, every site should be
https://
, and should send every visitor of their
http://
site to the secure one.
Google Chrome: Our plan to label HTTP sites as non-secure is taking place in gradual steps
Data Security Action Plan, step 1: Implement strict encryption measures on all network traffic
BuiltWith: SSL by Default Usage Statistics
Analysis of the Alexa Top 1M sites: HTTPS, HSTS, CSP
