Toggle navigation
TOOLSTUD.IO
Data
** All Data tools **
Bandwidth converter
Data size calculator
Cloud Storage Cost
Electrical power calculator
Bash boilerplate generator
Color
** All Color tools **
RGB color conversion
CMYK color conversion
HTML Color list
Pantone Color list
Websafe Color list
Photo
** All Photo tools **
Aspect ratio calculator
Megapixel calculator
Image filesizes
Megapixel Aspects
DPI calculator
Composition calculator
Depth-of-Field calculator
Light calculator (EV)
Video
** All Video tools **
Frame rate converter
Video bitrate calculator
Common video bitrates
Video file size calculator
Screen size calculator
Audio file size calculator
DCP file size calculator
Music
** All Music tools **
Beats-per-minute
Tap your tempo
Web
** All Web tools **
HTML encoder
HTML char map
Web Speed/SEO Performance Checks
HTTPS readiness check
Calculator
** All Calculator tools **
Speed converter
Acceleration calculator
Distance calculator
Mortgage loan calculator
Fuel Cost calculator
Electric Car calculator
Gladwell's 10000 hour-rule
About
** All About tools **
Examples of how to use the tools
History & development
Contact
Development blog
Terms & Conditions
Privacy Statement
Donations/wishlist
HTTPS Readiness test
Input
Check here if your site complies with the HTTPS best practices
Domain
Check domain!
Domain analysis: www.mozilla.org
IP addresses:
104.16.40.2
,
104.16.41.2
Always redirect to same domain https://www.mozilla.org (BEST PRACTICE!)
Certificate details
This SSL Certificate was created especially for
www.mozilla.org
Certificate issued by
DigiCert Inc
, of type
DigiCert SHA2 Secure Server CA
Certificate start date:
Nov 5 00:00:00 2018 GMT
Certificate expiration:
Nov 13 12:00:00 2019 GMT
(in 21 days)
Certificate validity period:
1 year(s)
=> commercial (paid) certificate
Encryption algorhythm:
TLSv1.2
/ ECDHE-RSA-AES128-GCM-SHA256
More certificate details?
SSL Labs:
get more detailed HTTPS report
Mozilla Observatory:
get more detailed HTTPS report
HTTPS Headers
Missing HTTP header x-frame-options -
should be
SAMEORIGIN
Missing HTTP header content-security-policy -
create at least a minimal one
HTTP header x-xss-protection is OK -
cross-scripting protection
HTTP header strict-transport-security (
HSTS
) is OK (12 months valid)
Content details
No mixed content: no http files used in the https page
How to get https for your site
Let’s Encrypt is a free, automated, and open Certificate Authority.
Example:
cloudfleet.io
,
scotthelme.co.uk
Cloudflare One-Click SSL
(also on the
Free Plan
)
Example:
toolstud.io
Paid certificates: Verisign, GeoTrust, Comodo, DigiCert, Thawte, Globalsign
Example:
www.amazon.com
,
www.mozilla.org
,
twitter.com
References
Google Chrome
and/or
Search
will punish your website for insecure content and practices. In short, every site should be
https://
, and should send every visitor of their
http://
site to the secure one.
Google Chrome: Our plan to label HTTP sites as non-secure is taking place in gradual steps
Data Security Action Plan, step 1: Implement strict encryption measures on all network traffic
BuiltWith: SSL by Default Usage Statistics
Analysis of the Alexa Top 1M sites: HTTPS, HSTS, CSP
