Test your SSL/TLS certificate, HTTP security headers and email authentication (SPF, DKIM, DMARC) — and get a plain-English A+ to F grade, no signup. Then keep watch from one dashboard: certificate lifecycle, header grades and uptime, with alerts where your team already works. No sales call. Just receipts.
Built for engineers and security teams who want straight answers — not vendor dashboards. Scan once free, or wire up monitoring for certificates, headers, uptime and email in two clicks.
Cipher suites, protocol versions, certificate chain, OCSP, CT logs and known vulnerabilities — scored the same way the public test suites do.
Alerts at 30, 14 and 7 days, then on the day — plus a Watchtower view and shareable badge showing whether you're ready for 47-day certificate lifetimes.
Grade your HSTS, CSP and friends, then enable per-domain re-scans on a schedule — we alert you the day the grade drops.
HTTP checks from hourly (free) down to 30-second intervals, incident history, and public Trust Pages to show your status off.
SPF, DKIM, DMARC, MTA-STS and DANE checked in one pass — so attackers can't spoof your domain and your mail lands in the inbox.
Search Certificate Transparency logs for any domain — and monitor for certs you didn't request, new issuances and subdomain-takeover risks.
CSR generator, certificate decoder, key matcher, CAA checker, PQC readiness, compliance checker and more — free, no signup.
Domains, scans and uptime over a REST API — 200 requests/day on the free tier — with alerts in Slack, Discord, Telegram, email or webhooks.
What shipped, when — straight from the commit log.
Security-headers monitoring is live end-to-end — schedule re-scans per domain and get grade-drop alerts in Slack, Discord, Telegram, email or webhooks.
API Stability & Longevity Pledge published — versioned endpoints, successor-before-deprecation, 12+ months' notice, machine-readable Deprecation/Sunset headers.
47-day certificate readiness Watchtower + shareable badge — plus subdomain-takeover alerts for monitored domains.
Free Security Headers API — a compatible replacement for the discontinued securityheaders.com API. 40 checks/hour anonymous (400/day), 2,000/day with a free key.
Certificate Transparency Explorer — search CT logs for any domain, plus CT monitoring with new-certificate alerts.
Most SSL checkers only look at certificate dates. MySSL.info goes deeper — we run the same checks a professional auditor would, then translate them into plain English.
Validity dates, issuer trust, hostname matching, SAN coverage, chain completeness, weak signature algorithms (SHA-1), and certificate transparency log presence.
Support for TLS 1.2 and TLS 1.3, forward-secret cipher suites, deprecated protocols (TLS 1.0/1.1, SSLv2/3), and post-quantum key exchange (ML-KEM) — with a dedicated PQC readiness checker.
Heartbleed, POODLE, BEAST, FREAK, Logjam, DROWN, ROBOT, Sweet32, LUCKY13 — every CVE that has shaped TLS in the last decade.
HSTS, Content-Security-Policy, X-Frame-Options, X-Content-Type-Options, Referrer-Policy and Permissions-Policy — with fix recommendations, schedulable re-scans and grade-drop alerts.
SPF, DKIM, DMARC, MTA-STS and DANE — so attackers cannot spoof your domain and your mail actually lands in the inbox. Includes a dedicated DMARC checker.
Map every finding against PCI DSS, ISO 27001, HIPAA, SOC 2, GDPR, DORA, NIS2, NIST CSF and Cyber Essentials.
Yes — every SSL scan, security header test, SPF/DKIM/DMARC check and tool on this site is free without signup. Optional accounts add continuous monitoring, alert routing and a longer history window.
We grade against the same rubric used by the well-known public TLS test suites — certificate validity, key strength, protocol versions, cipher suites, forward secrecy, and known vulnerabilities — then layer on HTTP security headers and email authentication checks.
Yes. Add the port in the form (e.g. example.com:8443). Scans work for any host reachable over the public internet.
Public scans are cached for 24 hours so repeat checks on the same domain return instantly. With an account, your scan history is stored privately for trend analysis and compliance audits.
Add the domain to your dashboard. We send expiry alerts at 30, 14 and 7 days, then again on the day — via email, Slack, Discord, Telegram or webhook.
Yes. The TLS scan detects ML-KEM hybrid key exchange (X25519MLKEM768) on TLS 1.3, and the PQC readiness checker gives a dedicated quantum-safe verdict.
We're new and growing — your feedback helps us improve.