Security
Make sure your SSL certificate is actually doing its job.
Check validity, expiry, mixed content, and HSTS — the things that break trust silently.
Issuer
—
Expires
—
Days Remaining
—
Protocol
—
No mixed content detected
Mixed content detected
HSTS is enabled. Browsers will always use HTTPS.
HSTS is not enabled. Consider adding the Strict-Transport-Security header.
What does an SSL certificate actually do?
SSL/TLS encrypts the connection between your visitors and your server. Without it, login credentials, form submissions, and payment details travel in plain text. Browsers flag HTTP sites as "Not Secure," and Google factors HTTPS into rankings. A valid certificate is table stakes for any production site.
Mixed content happens when an HTTPS page loads resources (images, scripts, stylesheets) over plain HTTP.
This breaks the chain of trust. The padlock disappears, browsers may block the resource entirely, and
your visitors see warnings. One forgotten http:// asset
URL is all it takes.
HSTS (HTTP Strict Transport Security) tells browsers to only connect over HTTPS, even if someone types
http:// in the address bar. Without it, the first request
can still be intercepted. Adding the Strict-Transport-Security
header closes that gap.
We monitor this automatically for managed sites. Let's talk.
Let's talk →