Free HTTPS Checker Desktop App


(David) #1

While preparing my site for the switch to https I came across this handy HTTPS Checker desktop app:

https://httpschecker.net

Very helpful and free! :sunglasses:


Finding an embedded font when you don't know where it is
(Tomas Jakobs) #2

I always don’t understand how some people make a business model with free stuff. There are a lot of reliable and good online validators and pen tests. In addition, a desktop app makes no sense if your web server is on your own network and you are looking at it from the inside.

https://observatory.mozilla.org/
https://www.ssllabs.com/ssltest/
https://www.webpagetest.org/


(Andrew) #3

Moz observatory & ssl labs are great links for checking the SSL/TLS implementation on the server, but the desktop HTTPS Checker tool really shines by looking for insecure / mixed content issues along with other things across an entire site to help when moving to HTTPS :slight_smile:


(Doug Bennett) #4

The business model is simple, the free version is limited. You can check out the pricing page to check some of the limits like 500 pages etc.

Why no padlock is a free site that does a great check for mixed content etc.
https://www.whynopadlock.com


(David) #5

This app works perfectly well to find cross origin content. whynopadlock.com is great, but i found it tedious to use as you can scan only one page at a time.

As @stapps said, the app is great for the vast majority of users here for it’s intended use (with the obvious exception of jacobsystems and perhaps the few others with similarly high security needs) - to find insecure / mixed content issues. As we’ve read in previous posts on the topic here in the forum, the vast majority here just need to see that green padlock and avoid browser warnings.

My site now gets an A on https://www.ssllabs.com/ssltest/ and a D on https://observatory.mozilla.org/ for
Content Security Policy (CSP) header not implemented, HTTP Strict Transport Security (HSTS) header not implemented and X-Frame-Options (XFO) header not implemented. So while that’s all great to know and great to know how one can achieve a higher level of security, it is not at all a concern for me and most people here who’s sites to do not collect or display sensitive information.

So if one just needs to get that green padlock, this is a great and comparatively speedy tool to run your website through to find insecure / mixed content issues. And even if one needs to achieve greater security goals than just the green padlock, it seems you still have to start with eliminating insecure / mixed content issues.