๐ Website / HTTPS-TLS
Certificate chain, validity & hostname, key strength, supported TLS versions (1.0โ1.3), Perfect Forward Secrecy, and HTTPโHTTPS redirect.
Comprehensive security check for your domain
A single test for website, mail server, DNS, DNSSEC, email authentication, and HTTP security headers โ the most important checks from leading tools, combined into one report.
No data is stored. The check runs live from your browser.
What is checked?
โ๏ธ Mail server TLS & DANE
STARTTLS support of the MX hosts, negotiated TLS version, certificates, and DANE/TLSA verification against the actual server certificate.
๐ก๏ธ Email authentication
SPF (including lookup limit), DKIM selectors & key length, DMARC policy, BIMI, MTA-STS, and TLS-RPT.
๐ DNSSEC
Zone signing, DS anchoring at the parent, validation via the AD flag, and strength of the algorithms in use.
๐ DNS
Number & IPv6 reachability of the name servers, A/AAAA, MX, CAA, SOA, and reverse DNS.
๐ HTTP security headers
HSTS, Content-Security-Policy, X-Content-Type-Options, clickjacking protection, Referrer & Permissions Policy, cookie flags, and information leaks.
Standards checked
The checks are based on established standards and best practices, including RFC 7208 (SPF), RFC 6376 (DKIM), RFC 7489 (DMARC), RFC 8461 (MTA-STS), RFC 8460 (TLS-RPT), RFC 6698/7671 (DANE), RFC 4033 ff. (DNSSEC), RFC 6797 (HSTS), and the OWASP recommendations for security headers.