About
"About" tools
Development blog
Contact
History
Privacy Statement
Terms & Conditions
How to use the tools
Calculator
"Calculator" tools
Acceleration calculator
Distance calculator
Exponential growth
Gladwell's 10000 hours
Speed converter
Color
"Color" tools
CMYK conversion
HTML Color list
Pantone Color list
RGB conversion
Websafe Color list
Data
"Data" tools
Bandwidth convert
Cloud Storage Cost
Data size calculator
Electrical power
Finance
"Finance" tools
Electric Car calculator
Fuel Cost calculator
Mortgage loan calculator
Music
"Music" tools
Beats-per-minute
Audio delay
Song length
Tap your tempo
Network
"Network" tools
Content Security Policy
Redirection check
Security Policy Framework check
HTTPS config check
Photo
"Photo" tools
Aspect ratio
Composition Calculator
Depth-of-Field Calculator
DPI calculator
Image filesize calculator
Light calculator (EV)
Megapixel calculator
Megapixel Aspects
Video
"Video" tools
Audio file size calculator
Common bitrates
DCP file size
Foot-Lambert Calculator
Screen size
Video bitrate
Frame rate convert
Video file size calculator
Web
"Web" tools
HTML char map
Emoji char map
HTML encoder
SEO Performance
Network
HTTPS config check
HTTPS Readiness test
Input
Check here if your site complies with the HTTPS best practices
Domain
Check domain!
Domain analysis: www.mozilla.org
Always redirect to same domain https://www.mozilla.org (BEST PRACTICE!)
IP addresses:
104.18.164.34
,
104.18.165.34
Certificate details
Certificate validity period:
2 year(s)
> 1 year -- will be refixed by Apple Safari browsers
This SSL Certificate was created especially for
www.mozilla.org
Certificate issued by
DigiCert Inc
, of type
DigiCert SHA2 Secure Server CA
Certificate start date:
Jun 29 00:00:00 2020 GMT
Certificate expiration:
Jul 7 12:00:00 2022 GMT
(in 620 days)
Encryption algorithm:
TLSv1.2
/ ECDHE-RSA-AES128-GCM-SHA256
More certificate details?
SSL Labs:
get more detailed HTTPS report
Mozilla Observatory:
get more detailed HTTPS report
HTTPS Headers
Missing HTTP header x-frame-options -
should be
SAMEORIGIN
Missing HTTP header content-security-policy -
create at least a minimal one
HTTP header x-xss-protection is OK -
cross-scripting protection
HTTP header strict-transport-security (
HSTS
) is OK (12 months valid)
For a GDPR-focused review of your domain, use
Churlie GDPR Checkup
Content details
No mixed content: no http files used in the https page
How to get https for your site
Let’s Encrypt is a free, automated, and open Certificate Authority.
Example:
cloudfleet.io
,
scotthelme.co.uk
Cloudflare One-Click SSL
(also on the
Free Plan
)
Example:
toolstud.io
Paid certificates: Verisign, GeoTrust, Comodo, DigiCert, Thawte, Globalsign
Example:
www.amazon.com
,
www.mozilla.org
,
twitter.com
References
Google Chrome
and/or
Search
will punish your website for insecure content and practices. In short, every site should be
https://
, and should send every visitor of their
http://
site to the secure one.
Google Chrome: Our plan to label HTTP sites as non-secure is taking place in gradual steps
Data Security Action Plan, step 1: Implement strict encryption measures on all network traffic
BuiltWith: SSL by Default Usage Statistics
Analysis of the Alexa Top 1M sites: HTTPS, HSTS, CSP
