Toggle navigation
TOOLSTUD.IO
Data
** All Data tools **
Bandwidth convert
Data size calculator
Cloud Storage Cost
Electrical power
Bash boilerplate
Color
** All Color tools **
RGB conversion
CMYK conversion
HTML Color list
Pantone Color list
Websafe Color list
Photo
** All Photo tools **
Aspect ratio
Megapixel calculator
Image filesizes
Megapixel Aspects
DPI calculator
Composition calc
Depth-of-Field
Light calculator (EV)
Video
** All Video tools **
Frame rate convert
Video bitrate
Common bitrates
Video file size
Screen size
Audio file size
DCP file size
Music
** All Music tools **
Beats-per-minute
Tap your tempo
Web
** All Web tools **
HTML encoder
HTML char map
Emoji char map
SEO Performance
HTTPS config check
Redirection check
Calculator
** All Calculator tools **
Speed converter
Acceleration calculator
Distance calculator
Mortgage loan calculator
Fuel Cost calculator
Electric Car calculator
Gladwell's 10000 hours
About
** All About tools **
How to use the tools
History
Contact
Development blog
Terms & Conditions
Privacy Statement
Donations/wishlist
HTTPS Readiness test
Input
Check here if your site complies with the HTTPS best practices
Domain
Check domain!
Domain analysis: www.mozilla.org
IP addresses:
104.16.142.228
,
104.16.143.228
Always redirect to same domain https://www.mozilla.org (BEST PRACTICE!)
Certificate details
This SSL Certificate was created especially for
www.mozilla.org
Certificate issued by
DigiCert Inc
, of type
DigiCert SHA2 Secure Server CA
Certificate start date:
Oct 14 00:00:00 2019 GMT
Certificate expiration:
Oct 21 12:00:00 2020 GMT
(in 271 days)
Certificate validity period:
1 year(s)
=> commercial (paid) certificate
Encryption algorhythm:
TLSv1.2
/ ECDHE-RSA-AES128-GCM-SHA256
More certificate details?
SSL Labs:
get more detailed HTTPS report
Mozilla Observatory:
get more detailed HTTPS report
HTTPS Headers
Missing HTTP header x-frame-options -
should be
SAMEORIGIN
Missing HTTP header content-security-policy -
create at least a minimal one
HTTP header x-xss-protection is OK -
cross-scripting protection
HTTP header strict-transport-security (
HSTS
) is OK (12 months valid)
For a GDPR-focused review of your domain, use
Churlie GDPR Checkup
Content details
No mixed content: no http files used in the https page
How to get https for your site
Let’s Encrypt is a free, automated, and open Certificate Authority.
Example:
cloudfleet.io
,
scotthelme.co.uk
Cloudflare One-Click SSL
(also on the
Free Plan
)
Example:
toolstud.io
Paid certificates: Verisign, GeoTrust, Comodo, DigiCert, Thawte, Globalsign
Example:
www.amazon.com
,
www.mozilla.org
,
twitter.com
References
Google Chrome
and/or
Search
will punish your website for insecure content and practices. In short, every site should be
https://
, and should send every visitor of their
http://
site to the secure one.
Google Chrome: Our plan to label HTTP sites as non-secure is taking place in gradual steps
Data Security Action Plan, step 1: Implement strict encryption measures on all network traffic
BuiltWith: SSL by Default Usage Statistics
Analysis of the Alexa Top 1M sites: HTTPS, HSTS, CSP
