FreeNo signup for the grade

Your SSL grade, and
everything SSL Labs skips.

SSL Labs grades your TLS. securityheaders.com grades your headers. CertPost grades both — plus email authentication, DNS security, and reputation — in one free check, then watches it so you hear about a drop instead of re-running a scanner.

What the grade covers

Five security dimensions, each scored A to F, with a plain-English finding behind every deduction.

TLS configuration

Which protocol versions the server accepts (TLS 1.0/1.1 are a fail), whether the cipher has forward secrecy, the key and signature strength, and HSTS. This is the part SSL Labs grades — we grade it the same way.

Security headers

HSTS, Content-Security-Policy, X-Frame-Options, X-Content-Type-Options, Referrer-Policy, Permissions-Policy — present or missing, with what each one protects against. This is the part securityheaders.com grades.

Email authentication

SPF, DKIM, and DMARC (including whether DMARC is actually enforced or only reporting), plus whether the domain accepts mail at all. Spoofable mail is a fail.

DNS security

DNSSEC signing, CAA records that restrict which CAs may issue for you, and dangling CNAMEs that expose a subdomain to takeover.

Reputation

Whether the host is flagged by threat-blocking DNS — the same feeds that would block your visitors before they ever load the page.

How the letter grade is scored

  • A — modern and hardened: TLS 1.2 and 1.3, a forward-secret cipher, a strong key and signature, HSTS in place.
  • B — solid, with a thing or two to tighten (often a missing header or no TLS 1.3).
  • C — works today, but running deprecated settings such as TLS 1.0/1.1 that fail PCI and modern compliance.
  • D — weak: outdated protocols or ciphers are exposed.
  • F — serious problems browsers, scanners, and auditors will flag.

Common questions

Is the grade actually free?

Yes. Paste a domain on the homepage and you get the full grade with every finding, no signup and no email. An account is only needed to watch a domain over time and get alerted when its grade drops.

How is this different from SSL Labs or securityheaders.com?

SSL Labs grades TLS configuration; securityheaders.com grades response headers. CertPost grades both, plus email authentication, DNS security, and reputation, in one check — and then monitors them, so you find out when something regresses instead of remembering to re-run a scanner.

What does the grade mean, exactly?

Each area is scored A to F from a transparent rubric — protocol support, cipher strength, key and signature, headers present, email records, DNSSEC/CAA, and threat-intel status — and every deduction is shown as a plain-English finding you can act on.

Do you store my data or run a crawler?

The instant check reads the certificate your server presents and does a handful of DNS lookups — the same things a browser and a mail server already do. Nothing is installed, and the one-off check needs no account.

See your grade now