HTTPS Checklist

Format: Check the transport security of your application.

Checklist:

• Using HTTPS (not HTTP)?
• HTTP requests automatically redirect to HTTPS?
• Is the SSL certificate valid (no expiration warnings)?
• Mixed content (HTTPS page loading HTTP resources)?
• Security headers set? (Content-Security-Policy, X-Frame-Options)

Tool: Scan your domain with SSL Labs and check the score.