It checks:

- HTTPS redirects - SSL certificate validity - Mixed content - basic security headers - HTTP/3 support

AI helped a lot with speed — scaffolding, boilerplate, and quick iterations. But testing, edge cases, and reviewing security-related logic quickly reminded me that AI doesn’t replace understanding. You still own every line of code you ship.

This is mainly a learning project, not meant to replace full security scanners. I’d appreciate any feedback, bug reports, or thoughts on what’s missing or misleading.

Check it out: https://httpsornot.com