Research Tools: HTTPSWatch

From the Website:

HTTPSWatch tracks the HTTPS support of prominent websites. Click to show details about a site’s HTTPS support.

HTTPSWatch assigns every tracked site a rating approximating the quality of its HTTPS support. If a verified TLS connection cannot be established or no page can be loaded over TLS, the site is given the Bad rating. The Mediocre rating means a TLS connection can be established but there are quality issues with the site’s implementation of HTTPS (e.g. the HTTP site doesn’t redirect to HTTPS or the Strict-Transport-Security header isn’t set). If everything looks good, a Good rating is given.

Many of the sites that receive a Mediocre rating are only missing the HTTP Strict-Transport-Security header and have otherwise good HTTPS. The HSTS header is a vital component of helping visitors reach a website securely. Without HSTS, it is still possible for an attacker to intercept web traffic and prevent users from connecting over HTTPS. Thus, websites will not be rated Good unless they include HSTS.

Direct to HTTPSWatch

Hat Tip: @LetsEncrypt

Leave a Reply

Your email address will not be published.