📣︎ Heads up! New security scoring standards apply - Your website grade may have changed. MDN Observatory will launch soon. Learn More.
Scan Summary
Loading Results
This site returned an HTTP status code other than 200 (OK), which may cause its results to be inaccurate.
Scan Summary
Host:
Scan ID #:
Start Time:
Duration: seconds
   
Score: /100
Tests Passed: /
Content Security Policy Analysis CSP Analysis
Test Pass Info
Blocks execution of inline JavaScript by not allowing 'unsafe-inline' inside script-src
Blocks execution of JavaScript's eval() function by not allowing 'unsafe-eval' inside script-src
Blocks execution of plug-ins, using object-src restrictions
Blocks inline styles by not allowing 'unsafe-inline' inside style-src
Blocks loading of active content over HTTP or FTP
Blocks loading of passive content over HTTP or FTP
Clickjacking protection, using frame-ancestors
Deny by default, using default-src 'none'
Restricts use of the <base> tag by using base-uri 'none', base-uri 'self', or specific origins
Restricts where <form> contents may be submitted by using form-action 'none', form-action 'self', or specific URIs
Uses CSP3's 'strict-dynamic' directive to allow dynamic script loading (optional)
Cookies
Name Expires Path Secure HttpOnly SameSite Prefixed
Grade History
Date Score Grade
Raw Server Headers
Header Value
Scan Summary
Loading Results
This site uses an untrusted or invalid certificate. The following results ignore this error.
Scan Summary
Host: ()
Scan ID #:
End Time:
   
Compatibility Level: Compat. Level:
   
Certificate Explainer: Explainer:
Certificate Information Certificate
Common name:
Alternative Names:
   
First Observed: (certificate #)
   
Valid From:
Valid To:
   
Key:
Issuer:
Signature Algorithm:
Cipher Suites
Cipher SuiteCipher Code Key sizeSize AEAD PFS Protocols
Miscellaneous Information Miscellaneous
CAA Record:
Cipher Preference: selects preferred cipher
Compatible Clients:
OCSP Stapling:
Suggestions

Looking for improved security and have a user base of only modern clients?

Take a look at the Mozilla “Modern” TLS configuration! It provides an extremely high level of security and performance and is compatible with all clients released in the last couple years. It is not recommended for general purpose websites that may need to service older clients such as Android 4.x, Internet Explorer 10, or Java 6.x.


Still want secure website, but need compatibility with those older clients?

No problem! The Mozilla “Intermediate” TLS configuration may be just right for you! It provides the similar level of security to the “Modern” configuration when used with current clients, but still supports older versions of web browsers and tools.


Please note that these suggestions may not be appropriate for your particular usage requirements! If they do sound like something you'd like assistance with, then hop on board:

Teleport me to Mozilla's configuration generator!

Scan Summary
Loading Results
Scan Summary
Host: (:)
Scan ID #:
End Time:
   
Mozilla SSH Standards Compliant:
Recommendations
🎉🎉🎉 We don't have any! Keep up the good work! 🎉🎉🎉
Miscellaneous
Authentication Methods:
Compression:
Duplicate Host Keys:
Version Information
Server Banner:
Operating System Identifier:
SSH Library Identifier:

Email Security


Global Cyber Alliance (GCA)
Loading Results
Host:
SPF record:
DKIM selector:
DKIM record:
DMARC record:
   
Complete Results:

Transport Layer Security TLS & SSL


ssllabs.com
Loading Results
Host:
Complete Results:
ImmuniWeb
Loading Results
Host: ()
Score: /100
PCI-DSS:
HIPAA:
NIST:
DROWN:
Heartbleed:
Insecure Renego­tiation:
OpenSSL ChangeCipherSpec: OpenSSL CCS:
OpenSSL Padding Oracle:
Poodle (SSLv3):
Poodle (TLS):
Complete Results:
tls.imirhil.fr
Loading Results
Host:
IP addresses:
Failing addresses:
   
Overall score: /100
   
Complete Results:

HTTP Headers & Content Security HTTP Headers


securityheaders.com
Loading Results
Host:
Complete Results:

Miscellaneous


hstspreload.org
Loading Results
Host:
Preloaded:
   
Notes:
Complete Results: