SSL (Secure Sockets Layer) and its successor TLS (Transport Layer Security) are cryptographic protocols that encrypt communication between a browser and a web server. TLS is the current standard — SSL is deprecated. When people say 'SSL certificate,' they almost always mean a TLS certificate.

What is HSTS and why is it important?

HSTS (HTTP Strict-Transport-Security) is a header that tells browsers to always connect via HTTPS, even if the user types 'http://'. Without HSTS, an attacker on the same network can intercept the first HTTP request before it redirects to HTTPS — a classic man-in-the-middle attack vector.

What HSTS max-age should I use?

Start with a short max-age (e.g., 300 seconds) to test, then increase to at least 31536000 (one year) for production. Add includeSubDomains if all subdomains support HTTPS, and the preload directive if you want to submit to browser preload lists for maximum protection.

Does this tool check the actual certificate?

This tool checks transport security from the HTTP layer — HSTS headers, redirect behavior, and related response headers. For deep certificate inspection (expiration, chain, key strength), dedicated certificate checking tools or OpenSSL commands provide more detail.

How does TLS security relate to penetration testing?

Weak TLS configuration is a common penetration test finding. Issues like missing HSTS, support for deprecated protocols (TLS 1.0/1.1), weak cipher suites, and certificate misconfigurations can enable man-in-the-middle attacks. Maced checks all of these during a full penetration test.

Free SSL/TLS Checker

Verify SSL/TLS configuration for any hostname

Enter any hostname to check its SSL/TLS configuration. This tool connects over HTTPS and inspects transport security headers, HSTS configuration, and certificate-related response data to identify misconfigurations that could leave your site vulnerable to man-in-the-middle attacks.

Trusted by teams at

How it works

How SSL/TLS Checker works

Enter a hostname

Type any hostname or domain name. We strip protocols and paths automatically, then connect over HTTPS.

Inspect TLS configuration

We connect to the hostname over HTTPS and analyze the response for transport security headers, HSTS policy, and certificate-related indicators.

Get security recommendations

Receive a detailed assessment of your TLS configuration with specific recommendations for improving transport security.

Features

What SSL/TLS Checker checks

HSTS policy verification

Checks whether Strict-Transport-Security is present and analyzes max-age, includeSubDomains, and preload directives that force browsers to use HTTPS exclusively.

HTTPS redirect detection

Tests whether HTTP requests are properly redirected to HTTPS and whether the redirect chain is secure, catching common misconfigurations.

Transport security header analysis

Examines all TLS-related response headers including Expect-CT, certificate pinning indicators, and protocol-related settings.

Certificate transparency check

Verifies Expect-CT header configuration and checks whether the site opts in to certificate transparency monitoring.

Use cases

Who should use the free SSL/TLS Checker

DevOps Engineers

Verify HTTPS and HSTS are correctly configured after deploying new certificates, changing CDN providers, or updating load balancer settings.

Security Teams

Audit transport security across your organization's web properties. Ensure consistent HSTS policies and proper HTTPS enforcement on all domains.

Compliance Officers

Document your TLS configuration for PCI DSS, SOC 2, and HIPAA audits that require encrypted data in transit and secure certificate management.

More tools

All free security tools

FAQ

Frequently asked questions

Everything you need to know about the free SSL/TLS Checker.

Go beyond SSL/TLS Checker

This free SSL/TLS Checker checks a handful of things. Maced's AI pentest checks thousands.

Get a full autonomous penetration test — including OWASP Top 10, authentication flaws, business logic errors, API security, and more — with a compliance-ready report in hours.

Start Pentest

Proof of exploit on every finding · SOC 2 & ISO 27001 compatible

Free SSL/TLS Checker

Verify SSL/TLS configuration for any hostname

How SSL/TLS Checker works

Enter a hostname

Inspect TLS configuration

Get security recommendations

What SSL/TLS Checker checks

HSTS policy verification

HTTPS redirect detection

Transport security header analysis

Certificate transparency check

Who should use the free SSL/TLS Checker

DevOps Engineers

Security Teams

Compliance Officers

All free security tools

Scanners

Checkers

Decoders & Generators

Compliance & Assessments

Frequently asked questions

This free SSL/TLS Checker checks a handful of things. Maced's AI pentest checks thousands.

Free SSL/TLS Checkerself.__wrap_n!=1&&self.__wrap_b("_R_138dav5ubtpfl7b_",1)

Verify SSL/TLS configuration for any hostnameself.__wrap_n!=1&&self.__wrap_b("_R_158dav5ubtpfl7b_",1)

How SSL/TLS Checker worksself.__wrap_n!=1&&self.__wrap_b("_R_l5dav5ubtpfl7b_",1)

Enter a hostnameself.__wrap_n!=1&&self.__wrap_b("_R_2j9dav5ubtpfl7b_",1)

Inspect TLS configurationself.__wrap_n!=1&&self.__wrap_b("_R_2l9dav5ubtpfl7b_",1)

Get security recommendationsself.__wrap_n!=1&&self.__wrap_b("_R_2n9dav5ubtpfl7b_",1)

What SSL/TLS Checker checksself.__wrap_n!=1&&self.__wrap_b("_R_l5lav5ubtpfl7b_",1)

HSTS policy verificationself.__wrap_n!=1&&self.__wrap_b("_R_339lav5ubtpfl7b_",1)

HTTPS redirect detectionself.__wrap_n!=1&&self.__wrap_b("_R_359lav5ubtpfl7b_",1)

Transport security header analysisself.__wrap_n!=1&&self.__wrap_b("_R_379lav5ubtpfl7b_",1)

Certificate transparency checkself.__wrap_n!=1&&self.__wrap_b("_R_399lav5ubtpfl7b_",1)

Who should use the free SSL/TLS Checkerself.__wrap_n!=1&&self.__wrap_b("_R_l5tav5ubtpfl7b_",1)

DevOps Engineersself.__wrap_n!=1&&self.__wrap_b("_R_1j9tav5ubtpfl7b_",1)

Security Teamsself.__wrap_n!=1&&self.__wrap_b("_R_1l9tav5ubtpfl7b_",1)

Compliance Officersself.__wrap_n!=1&&self.__wrap_b("_R_1n9tav5ubtpfl7b_",1)

All free security toolsself.__wrap_n!=1&&self.__wrap_b("_R_l65av5ubtpfl7b_",1)

Scanners

Checkers

Decoders & Generators

Compliance & Assessments

Frequently asked questionsself.__wrap_n!=1&&self.__wrap_b("_R_l6dav5ubtpfl7b_",1)

What is SSL/TLS?

What is HSTS and why is it important?

What HSTS max-age should I use?

Does this tool check the actual certificate?

How does TLS security relate to penetration testing?

This free SSL/TLS Checker checks a handful of things. Maced's AI pentest checks thousands.self.__wrap_n!=1&&self.__wrap_b("_R_15alav5ubtpfl7b_",1)

Free SSL/TLS Checker

Verify SSL/TLS configuration for any hostname

How SSL/TLS Checker works

Enter a hostname

Inspect TLS configuration

Get security recommendations

What SSL/TLS Checker checks

HSTS policy verification

HTTPS redirect detection

Transport security header analysis

Certificate transparency check

Who should use the free SSL/TLS Checker

DevOps Engineers

Security Teams

Compliance Officers

All free security tools

Frequently asked questions

This free SSL/TLS Checker checks a handful of things. Maced's AI pentest checks thousands.