Security Checks

openssl s_client -connect -CAfile /usr/local/etc/openssl/cert.pem

You should see verify return:1 for each certificate in the chain.

Host header injection

Read about it here.

curl -i --header "Host:"

Your site is vulnerable if appears in the results.


Check if your SPF record is valid. Enter your domain here.


Very few sites have this right now.

dig +dnssec

See how to interpret the results.

Published October 26, 2015

You might also enjoy

Bootstrapping Postgres Users

Package Your JavaScript Libraries With Rollup

Verify Slack Requests in Rails

All code examples are public domain.
Use them however you’d like (licensed under CC0).