📣︎ Heads up! New security scoring standards apply - Your website grade may have changed. MDN Observatory will launch soon. Learn More.
Scan Summary
Loading Results
This site returned an HTTP status code other than 200 (OK), which may cause its results to be inaccurate.
Scan Summary
Scan ID #:
Start Time:
Duration: seconds
Score: /100
Tests Passed: /
Content Security Policy Analysis CSP Analysis
Test Pass Info
Blocks execution of inline JavaScript by not allowing 'unsafe-inline' inside script-src
Blocks execution of JavaScript's eval() function by not allowing 'unsafe-eval' inside script-src
Blocks execution of plug-ins, using object-src restrictions
Blocks inline styles by not allowing 'unsafe-inline' inside style-src
Blocks loading of active content over HTTP or FTP
Blocks loading of passive content over HTTP or FTP
Clickjacking protection, using frame-ancestors
Deny by default, using default-src 'none'
Restricts use of the <base> tag by using base-uri 'none', base-uri 'self', or specific origins
Restricts where <form> contents may be submitted by using form-action 'none', form-action 'self', or specific URIs
Uses CSP3's 'strict-dynamic' directive to allow dynamic script loading (optional)
Name Expires Path Secure HttpOnly SameSite Prefixed
Grade History
Date Score Grade
Raw Server Headers
Header Value
Scan Summary
Loading Results
This site uses an untrusted or invalid certificate. The following results ignore this error.
Scan Summary
Host: ()
Scan ID #:
End Time:
Compatibility Level: Compat. Level:
Certificate Explainer: Explainer:
Certificate Information Certificate
Common name:
Alternative Names:
First Observed: (certificate #)
Valid From:
Valid To:
Signature Algorithm:
Cipher Suites
Cipher SuiteCipher Code Key sizeSize AEAD PFS Protocols
Miscellaneous Information Miscellaneous
CAA Record:
Cipher Preference: selects preferred cipher
Compatible Clients:
OCSP Stapling:

Looking for improved security and have a user base of only modern clients?

Take a look at the Mozilla “Modern” TLS configuration! It provides an extremely high level of security and performance and is compatible with all clients released in the last couple years. It is not recommended for general purpose websites that may need to service older clients such as Android 4.x, Internet Explorer 10, or Java 6.x.

Still want secure website, but need compatibility with those older clients?

No problem! The Mozilla “Intermediate” TLS configuration may be just right for you! It provides the similar level of security to the “Modern” configuration when used with current clients, but still supports older versions of web browsers and tools.

Please note that these suggestions may not be appropriate for your particular usage requirements! If they do sound like something you'd like assistance with, then hop on board:

Teleport me to Mozilla's configuration generator!

Scan Summary
Loading Results
Scan Summary
Host: (:)
Scan ID #:
End Time:
Mozilla SSH Standards Compliant:
🎉🎉🎉 We don't have any! Keep up the good work! 🎉🎉🎉
Authentication Methods:
Duplicate Host Keys:
Version Information
Server Banner:
Operating System Identifier:
SSH Library Identifier:

Email Security

Global Cyber Alliance (GCA)
Loading Results
SPF record:
DKIM selector:
DKIM record:
DMARC record:
Complete Results:

Transport Layer Security TLS & SSL

Loading Results
Complete Results:
Loading Results
Host: ()
Score: /100
Insecure Renego­tiation:
OpenSSL ChangeCipherSpec: OpenSSL CCS:
OpenSSL Padding Oracle:
Poodle (SSLv3):
Poodle (TLS):
Complete Results:
Loading Results
IP addresses:
Failing addresses:
Overall score: /100
Complete Results:

HTTP Headers & Content Security HTTP Headers

Loading Results
Complete Results:


Loading Results
Complete Results: