AI helped a lot with speed — scaffolding, boilerplate, and quick iterations.
But testing, edge cases, and reviewing security-related logic quickly reminded me that AI doesn’t replace understanding. You still own every line of code you ship.
This is mainly a learning project, not meant to replace full security scanners.
I’d appreciate any feedback, bug reports, or thoughts on what’s missing or misleading.
I created a very simple, lightweight tool to check the security of your web application. It includes checks for:
- SSL cert's - HTTPS redirection - Seurity headers - Mixed content - HTTP/3 support - CAA and DNSSEC
It's free. No registration required. Check it out: https://httpsornot.com
You can exports results in pdf or csv. Reports are publicly available, example: https://httpsornot.com/report/google.com
I am currently working on exposing the API. It will be public, with a free plan that allows a limited number of checks per month at no cost.