About
"About" tools
Development blog
Contact
History
Privacy Statement
Terms & Conditions
How to use the tools
Calculator
"Calculator" tools
Acceleration calculator
Battery calculator
Distance calculator
Electric Car calculator
Exponential growth
Fuel Cost calculator
Natural Gas calculator
Gladwell's 10000 hours
Speed converter
Frequency Calculator
Electrical power
Wavelength Calculator
Mortgage loan calculator
Code
"Code" tools
Bash boilerplate
Color
"Color" tools
CMYK conversion
HTML Color list
Pantone Color list
RGB conversion
Websafe Color list
Data
"Data" tools
Bandwidth convert
Download calculator
Data size calculator
Music
"Music" tools
Beats-per-minute
Audio delay
Music Frequency
Song length
Music Scale
Tap your tempo
Photo
"Photo" tools
Aspect ratio
Composition Calculator
Depth-of-Field Calculator
DPI calculator
Image filesize calculator
Light calculator (EV)
Megapixel calculator
Megapixel Aspects
Video
"Video" tools
Audio file size calculator
Common bitrates
DCP file size
Foot-Lambert Calculator
Screen size
Video bitrate
Frame rate convert
Video file size calculator
Web
"Web" tools
Content Security Policy
Redirection check
Security Policy Framework check
HTTPS config check
HTML char map
Emoji char map
HTML encoder
SEO Performance
HTTPS Readiness test
Input
Check here if your site complies with the HTTPS best practices
Domain
Check domain!
Domain analysis: www.mozilla.org
Always redirect to same domain https://www.mozilla.org (BEST PRACTICE!)
IP address:
52.84.134.17
Certificate details
Certificate validity period:
1 year(s)
> 1 year -- will be refixed by Apple Safari browsers
This SSL Certificate was created for
www.mozorg.moz.works
but is also valid for
www.mozilla.org
Certificate issued by
Amazon
, of type
Amazon
Certificate start date:
Oct 22 00:00:00 2021 GMT
Certificate expiration:
Nov 20 23:59:59 2022 GMT
(in 305 days)
Encryption algorithm:
TLSv1.3
/ TLS_AES_128_GCM_SHA256
More certificate details?
SSL Labs:
get more detailed HTTPS report
Mozilla Observatory:
get more detailed HTTPS report
HTTPS Headers
Missing HTTP header x-frame-options -
should be
SAMEORIGIN
Missing HTTP header content-security-policy -
create at least a minimal one
HTTP header x-xss-protection is OK -
cross-scripting protection
HTTP header strict-transport-security (
HSTS
) is OK (6 months valid)
For a GDPR-focused review of your domain, use
Churlie GDPR Checkup
Content details
No mixed content: no http files used in the https page
How to get https for your site
Let’s Encrypt is a free, automated, and open Certificate Authority.
Example:
cloudfleet.io
,
scotthelme.co.uk
Cloudflare One-Click SSL
(also on the
Free Plan
)
Example:
toolstud.io
Paid certificates: Verisign, GeoTrust, Comodo, DigiCert, Thawte, Globalsign
Example:
www.amazon.com
,
www.mozilla.org
,
twitter.com
References
Google Chrome
and/or
Search
will punish your website for insecure content and practices. In short, every site should be
https://
, and should send every visitor of their
http://
site to the secure one.
Google Chrome: Our plan to label HTTP sites as non-secure is taking place in gradual steps
Data Security Action Plan, step 1: Implement strict encryption measures on all network traffic
BuiltWith: SSL by Default Usage Statistics
Analysis of the Alexa Top 1M sites: HTTPS, HSTS, CSP
