SSL Certificate Status
Critical SeverityWhat This Check Measures
This check verifies whether the website uses HTTPS (HTTP Secure) encryption, which indicates that an SSL/TLS certificate is active and the connection between the user and server is encrypted.
Why It Matters
- Data Privacy — HTTPS encrypts all data transmitted between the browser and server
- Authentication — SSL certificates verify the website's identity
- Integrity — Prevents man-in-the-middle attacks and data tampering
- SEO Impact — Google ranks HTTPS sites higher in search results
- Browser Trust — Modern browsers show "Not Secure" warnings for HTTP sites
How Data Is Obtained
Source File
src/checks/safety.check.js
Function
SafetyCheck.analyze(url)
Input
The full URL string passed to the analyzer
Detection Logic
// Simple URL protocol check
checks.push({
name: 'SSL Certificate Status',
status: url.startsWith('https://') ? 'pass' : 'fail',
description: url.startsWith('https://')
? 'HTTPS connection established'
: 'No HTTPS - unencrypted connection',
severity: 'critical'
});Libraries
No external libraries required — uses native JavaScript string methods
Status Values
| Status | Condition | Meaning |
|---|---|---|
| pass | URL starts with https:// |
HTTPS is enabled. Data is encrypted in transit. |
| fail | URL starts with http:// |
No encryption. All data sent in plain text. Critical security risk. |
Severity: Critical
This check has critical severity because:
- HTTP connections expose all traffic to eavesdropping
- Passwords, credit cards, and personal data can be intercepted
- Users may unknowingly submit sensitive information over insecure connections
- Modern browsers actively warn users about non-HTTPS sites
Impact on Category Score
As a critical severity check:
- A
passcontributes positively to the Safety & Threats score - A
failsignificantly reduces the category score - The
calculateCategoryScore()function weights critical checks heavily
Limitations
What This Check Does NOT Verify
- Certificate validity (expiration date)
- Certificate chain integrity
- Certificate authority trustworthiness
- Cipher suite strength
- TLS version (1.2 vs 1.3)
For deeper TLS analysis, see the Security Headers Agent which examines HSTS and other security headers.