Get Started Client Area

Security Tools

Check SSL certificates, HTTP and security headers, CORS, and redirects. Improve HTTPS setup and protect your site from common misconfigurations.

🔒

SSL Checker

Inspect SSL/TLS certificates, validity, expiration, and chain information.

Free Start
📋

HTTP Headers Checker

Inspect HTTP response headers: security, caching, and CORS. Check status code, final URL, and copy headers as JSON or curl.

Free Start
🌐

CORS Checker

Test Access-Control headers for any URL. Check ACAO, credentials, methods, and preflight (OPTIONS) response.

Free Start
🛡️

Security Headers Checker

Scan CSP, HSTS, X-Frame-Options, X-Content-Type-Options, Referrer-Policy, Permissions-Policy and get fixes.

Free Start
⚠️

Mixed Content Checker

Find HTTP assets on HTTPS pages (images, scripts, CSS). Detect blocked or insecure requests.

Free Start
🔄

HTTPS Redirect Checker

Test if HTTP redirects to HTTPS correctly. See redirect chain, status codes, and canonical URL.

Free Start

About these security tools

Use the SSL Checker to verify certificates, expiry, and chain. The HTTP Headers Checker inspects response headers for security, caching, and CORS. The Security Headers Checker grades CSP, HSTS, X-Frame-Options, and more. The Mixed Content Checker finds HTTP assets on HTTPS pages. The HTTPS Redirect Checker verifies HTTP→HTTPS redirects. The CORS Checker tests Access-Control-Allow-Origin and preflight. Together they help you lock down HTTPS and avoid common misconfigurations.

Security Tools FAQ

Why is SSL/TLS important for websites?

SSL/TLS encrypts data between users and your site and is required for HTTPS. It protects passwords and sensitive data and is a ranking factor. Use the SSL Checker to verify your certificate and chain.

What are security headers and why do they matter?

Security headers (e.g. HSTS, CSP, X-Frame-Options) tell browsers how to handle your site and reduce XSS and clickjacking risks. Use the HTTP Headers Checker to see which headers your server sends.

What is CORS and how do I test it?

CORS (Cross-Origin Resource Sharing) uses Access-Control-* response headers to allow or block cross-origin requests. Misconfigurations (e.g. wildcard with credentials) break front-end requests. Use the CORS Checker to test your API or site.

How do I fix CORS errors in the browser?

Ensure your server sends Access-Control-Allow-Origin (with your front-end origin or * if no credentials), and for credentialed requests use a specific origin, not *. Add Vary: Origin when returning a specific ACAO. Test with the CORS Checker.

Should my site redirect HTTP to HTTPS?

Yes. Redirecting HTTP to HTTPS ensures all traffic is encrypted. Use a 301 permanent redirect and enable HSTS via the Strict-Transport-Security header. Check headers with the HTTP Headers Checker.