HTTPS Security Checker
Check security headers and TLS configuration
Check security headers and TLS configuration
Good
5
Warnings
0
Missing
2
Security Headers
Enforces HTTPS connections
Recommended: max-age=31536000; includeSubDomains; preload
Controls resource loading
Recommended: default-src 'self'
Prevents MIME type sniffing
Recommended: nosniff
Controls iframe embedding
Recommended: DENY or SAMEORIGIN
Browser XSS filter (legacy)
Recommended: 1; mode=block
Controls referrer information
Recommended: strict-origin-when-cross-origin
Controls browser features
Recommended: geolocation=(), microphone=(), camera=()
TLS Version Reference
| Version | Status | Notes |
|---|---|---|
| TLS 1.3 | Secure | Most secure, recommended |
| TLS 1.2 | Secure | Secure with proper cipher suites |
| TLS 1.1 | Insecure | Deprecated, should be disabled |
| TLS 1.0 | Insecure | Insecure, must be disabled |
| SSL 3.0 | Insecure | Severely broken, never use |