Generate hardened SSL/TLS configuration for your web server, or paste your existing config to find security issues.
TLS 1.3 only. Maximum security, supports all current browsers.
Chrome 70+, Firefox 63+, Safari 12.1+, Edge 79+, Android 10+, iOS 12.2+
TLS 1.2 + 1.3 with strong cipher suites. Recommended for most sites.
Chrome 30+, Firefox 27+, Safari 7+, Edge 12+, Android 4.4+, iOS 9+, IE 11
Includes TLS 1.0/1.1 for maximum compatibility. Not recommended.
IE 8+, Android 2.3+, Java 6+, OpenSSL 0.9.8+
TLS 1.0 and 1.1 are deprecated (RFC 8996). Use only if you must support very old clients.
Force HTTPS via Strict-Transport-Security
Embed certificate revocation status
Enable HTTP/2 protocol support
Redirect all HTTP traffic to HTTPS
Include preload directive (submit to hstspreload.org)
We'll detect the server type and find security anti-patterns.
We're new and growing — your feedback helps us improve.
Your bug report was submitted. We appreciate the help.