HTTPS Readiness test


Check here if your site complies with the HTTPS best practices

Domain analysis:

  • IP addresses:,
  • Always redirect to same domain (BEST PRACTICE!)
  • Certificate details

  • This wildcard SSL Certificate was created for * and is also valid for
  • Certificate issued by DigiCert Inc, of type DigiCert SHA2 High Assurance Server CA
  • Certificate start date: May 11 00:00:00 2020 GMT
  • Certificate expiration: Nov 7 12:00:00 2020 GMT (in 165 days)
  • Certificate validity period: 181 days (probably automated renewal)
  • Encryption algorhythm: TLSv1.2 / ECDHE-ECDSA-AES128-GCM-SHA256
  • More certificate details?
  • SSL Labs: get more detailed HTTPS report
  • Mozilla Observatory: get more detailed HTTPS report
  • HTTPS Headers

  • HTTP header x-xss-protection is wrong - should be 1; mode=block
    1; report=""
  • HTTP header content-security-policy is wrong - not a valid format - please check
    sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation; report-uri®ion=US&lang=en-US&device=desktop&yrid=&partner=; frame-ancestors 'self' https://* https://* https://* https://* https://* htts://* https://*
  • HTTP header x-frame-options is OK - iframe clickjacking protection
  • HTTP header strict-transport-security (HSTS) is OK (12 months valid)
  • For a GDPR-focused review of your domain, use Churlie GDPR Checkup
  • Content details

  • No mixed content: no http files used in the https page
  • How to get https for your site

  • Let’s Encrypt is a free, automated, and open Certificate Authority.
  • Cloudflare One-Click SSL (also on the Free Plan)
  • Paid certificates: Verisign, GeoTrust, Comodo, DigiCert, Thawte, Globalsign
  • References