Check if your site is HTTPS ready

I often hear people struggling with the security of their website. So I have made a tool to check if your site is HTTPS ready. Use it to check if your web server is set up correctly (e.g. always redirect to https, encryption key length, certificate lifetime).

Since 2014 and even more 2017, Google has been pushing for every web site to use HTTPS by default, everywhere. This is needed for privacy for any site, but certainly for any website where one has to log in. Without HTTPS, all traffic (e.g. your password, the content of your emails in your web-mail client) could be read by every server where it passed by. A web server with HTTPS sets up an encrypted connection with your browser so only the sender and the receiver have access to the data being exchanged.

</figure>

HTTPS used to be an expensive option. You had to buy an SSL certificate from companies like Verisign, Thawte or Globalsign (disclaimer: I used to work for the latter, back in the nineties). It was kind of difficult. You had to create a certificate signing request, manage your private key… But since 2015, Let’s Encrypt has made it easy for the hosting companies to offer auto-renewed server certificates for free. For website owner, it’s just a click “Yes I want HTTPS”.

The SSL-by-Default statistics from BuiltWith.com suggest that these efforts have really paid off.

<figcaption>Usage of HTTPS by default</figcaption></figure>