SSL & Security Headers Checker
Check the SSL certificate and key security headers for a website
Working...
Why check SSL & security headers?
An expired SSL certificate or missing security headers leaves your website exposed to attacks and erodes visitor trust. The tool checks both in one scan.
A secure website needs more than just the HTTPS padlock in the address bar. An expired SSL certificate triggers a browser "Not secure" warning and blocks access; missing key security headers opens the door to clickjacking, XSS or referrer leakage attacks. The SSL & Security Headers Checker inspects your SSL certificate (issuer, expiry date, days remaining) and checks the 6 most important security headers: Strict-Transport-Security (HSTS), X-Frame-Options, Content-Security-Policy (CSP), X-Content-Type-Options, Referrer-Policy and Permissions-Policy. Each item clearly shows present/missing so you know what to configure on your server.
- SSL certificate expiry date and days remaining
- Checklist of the 6 most important security headers
- Early warning before the certificate expires
How to use in 3 steps
- 1Enter the website URL to check (must be HTTPS to read the certificate).
- 2Click "Check security" — the tool performs a TLS handshake and reads response headers.
- 3Review the SSL certificate expiry and the 6-header security checklist.