SSL / TLS Security Checker
Full SSL/TLS audit for any domain — certificate validity, expiry, HSTS, HTTP/2, security headers, CAA, DNSSEC, and an A–F score with recommendations.
Certificate
TLS & HTTPS Configuration
DNS Security
HTTP Security Headers
Recommendations
Disclaimer: Free tool provided “as is” by MonitorGiant. No warranty or liability for any data loss, security issues, or infrastructure problems arising from use of this tool. Results are for informational purposes only. · A Free Tool by MonitorGiant
What is SSL / TLS Security Checker?
The SSL / TLS Security Checker performs a comprehensive audit of a domain's HTTPS configuration via a server-side edge function. It checks certificate validity and expiry, the certificate chain, HSTS (HTTP Strict Transport Security), HTTP/2 support, security response headers (CSP, X-Frame-Options, etc.), CAA (Certification Authority Authorisation) DNS records, and DNSSEC. The results are combined into an A–F security grade with specific, actionable recommendations for each finding. Monitor your site automatically with MonitorGiant for ongoing SSL expiry alerts.
How to use this tool
- 1 Enter a domain name (without https://) into the input and click 'Check SSL'.
- 2 The tool connects to your server, retrieves the certificate chain, and runs all checks in parallel.
- 3 Review the security grade (A–F) at the top — the grade reflects the worst individual finding.
- 4 Expand each check row to see the specific value found and the recommendation for improvement.
- 5 Pay particular attention to expiry date, HSTS max-age, and missing security headers — these are the most commonly actionable findings.
When would you use this?
- Before launching a website or API to confirm TLS is correctly configured and the certificate chain is complete.
- After renewing an SSL certificate to verify the new certificate is deployed and the old one is fully replaced.
- During a security audit to identify missing HTTP security headers that could expose users to clickjacking or content injection.
Worried about your certificate expiring without warning? MonitorGiant monitors SSL expiry and sends you alerts days before your cert lapses — so you're never caught off guard.
Frequently asked questions — SSL / TLS Security Checker
How do I check if my SSL certificate is valid?
Enter your domain name (without https://) and click 'Check SSL'. The tool connects to your server from a MonitorGiant edge function, retrieves the full certificate chain, and checks: whether the certificate is issued by a trusted CA, whether the domain name matches the certificate's Common Name or Subject Alternative Names, whether the certificate has expired or will expire within 30 days, and whether the chain is complete with no missing intermediate certificates.
What is a CAA record?
A CAA (Certification Authority Authorisation) DNS record specifies which certificate authorities are permitted to issue SSL certificates for your domain. For example, adding 'issue "letsencrypt.org"' to your CAA records prevents any other CA from issuing a certificate for your domain, even if an attacker tricks a CA into doing so. CAA records are a defence-in-depth measure recommended by browser security baselines and checked in this tool's audit.
What is DNSSEC?
DNSSEC (Domain Name System Security Extensions) adds cryptographic signatures to DNS records, allowing resolvers to verify that the DNS response they received hasn't been tampered with in transit. Without DNSSEC, attackers can perform DNS spoofing or cache poisoning to redirect traffic from your domain to a malicious server — even if your SSL certificate is valid. DNSSEC is enabled at the domain registrar and DNS provider level, and its status is visible in this tool's results.
How SSL / TLS Security Checker works
Enter any domain name and get a full picture of its SSL/TLS security in seconds — certificate status, HTTPS configuration, security headers, and an A–F grade with clear recommendations.
- 1
Enter your domain and click Check SSL
Type a bare domain like example.com — no https:// needed. The check runs entirely on our servers so it can test things a browser alone cannot, like whether your server's HTTPS connection is properly configured. Results typically appear in 3–8 seconds.
- 2
Read the A–F security grade
Your domain gets a score from 0–100. A properly configured site with a valid certificate, HTTPS redirect, and basic security headers will reach grade A. Advanced settings like HSTS, CAA records, and DNSSEC push the score toward A+. The grade and score are always visible at the top of results.
- 3
Review your certificate details
See exactly which certificate is protecting your domain — who issued it, when it expires, and which domain names it covers. Certificate data is sourced from public Certificate Transparency logs, which all trusted certificate authorities are required to update whenever they issue a certificate.
- 4
Check HTTPS and security headers
The tool verifies that plain HTTP visitors are redirected to HTTPS, checks whether HSTS is enabled to prevent downgrade attacks, and scans for key security headers like Content-Security-Policy, X-Frame-Options, and Referrer-Policy.
- 5
Act on the recommendations
The recommendations panel lists issues in order of urgency — critical, warning, and informational. Each item explains what the problem is and includes a ready-to-use fix for common web servers so you can resolve it straight away.
Checks run from our servers on your behalf. Your domain name is used only to perform the scan and is not stored or logged.
Comments & Feedback
Found a bug? Have a suggestion? We'd love to hear from you.
Related Tools
From the makers of this tool
Need deeper observability?
MonitorGiant tracks real-time AI performance, infrastructure health, and system reliability — far beyond what free utilities can show.