SSL Certificate Scanner
Quick audit of your domain's transport security (HSTS and TLS 1.3 best-effort).
Scan results
-
HSTS
-
TLS 1.3
-
Server header
-
Certificate issuer
This section explains how data is protected between your visitors’ browsers and your server. Sound settings reduce the risk of attackers intercepting sensitive information (passwords, payment data, etc.).
1. HSTS (HTTP Strict Transport Security)
HSTS is a security policy that tells browsers to connect to your site only over HTTPS, even if the user types http:// manually.
Why does it matter?
It helps prevent downgrade attacks (forcing plaintext) and cookie hijacking.
What we check
We verify that your server sends the Strict-Transport-Security header. When present, your domain is much harder to intercept.
2. TLS 1.3 (transport layer)
TLS 1.3 is the current, faster, and more secure encryption protocol on the web (the successor to legacy SSL).
What does “best-effort” mean?
We check whether your server prefers and offers TLS 1.3 first. Older versions (e.g. TLS 1.2) may remain for compatibility, but the goal is to negotiate the safest connection possible.
Benefits:
- Speed: shorter handshakes mean faster page loads.
- Security: weak and outdated ciphers are avoided.
Audit summary
| Control | Target state | Benefit |
|---|---|---|
| HSTS header | Present and active | Protection against unencrypted connections. |
| TLS 1.3 support | Enabled | Best performance and modern encryption. |
| HTTPS redirect | Enforced | Users are not left on insecure channels. |