Certificate & encryption

Check a site's SSL/TLS security

Enter a domain to inspect its certificate, encryption protocol, certificate chain, and HTTPS hardening — and get an overall grade.

How this check works
  • Cactus opens a TLS connection to the host on port 443 to read its certificate and the negotiated protocol. The site operator can see Cactus's IP in that connection.
  • Cactus makes one HTTPS request to read the site's security headers (such as HSTS).
  • Nothing you enter is stored. Enter just a domain — not a full URL containing private tokens.

Frequently asked questions

What does the padlock in my browser mean?

It means the connection is encrypted with HTTPS, so others can't read it in transit. It does NOT prove the site is honest - scammers use HTTPS too.

How do I check a website's SSL certificate?

Enter the site here. We show its certificate, who issued it, the expiry date, the TLS version, and whether HSTS is enforced, then grade the result.

How our checks work