Acceptable Use & Terms

Last updated: 27 June 2026

The CertControl SSL Test (the “Service”) is a free tool that connects to a server you specify and reports on its SSL/TLS configuration. By using the Service you agree to the terms below.

1. What the Service does

When you submit a hostname, the Service makes outbound TLS connections to that host on a standard TLS port and reads its certificate, supported protocols, cipher suites and HTTP Strict Transport Security header. It returns a grade and a breakdown. It does not attempt to log in, exploit, or alter the target in any way, and it only tests standard TLS ports (such as 443).

2. Acceptable use

• Only test hosts that you own or are explicitly authorised to test.
• Do not use the Service to scan third-party systems without permission, to probe infrastructure you do not control, or as part of any attack, reconnaissance, or denial-of-service activity.
• Do not attempt to bypass the Service’s rate limits, cooldowns, or input validation, or to use it to reach private, internal, or non-public systems.
• Automated or bulk use is not permitted without prior written agreement.

You are responsible for ensuring your use is lawful in your jurisdiction and the target’s.

3. Rate limits

The Service applies per-client and per-target rate limits and a global concurrency cap. Requests that exceed these limits are refused with an HTTP 429 response. Results are cached briefly so that repeated tests of the same host are served without re-scanning.

4. How to opt your host out of scanning

If you operate a host and do not want the Service to scan it, serve a file that returns HTTP 200 at:

https://your-host/.well-known/certcontrol-noprobe

When the Service detects this file, it will refuse to scan that host and return an error instead. The opt-out is cached, so it may take up to 24 hours for a removed file to take effect again. The file’s contents do not matter — only that the path returns HTTP 200.

5. Data and privacy

No account or personal data is required to use the Service. A scan result is cached temporarily and is retrievable via its unguessable result link so it can be shared. Results contain only information already exposed publicly by the tested host. The Service is hosted in the EU. See the CertControl privacy policy for more.

6. No warranty

The Service is provided “as is”, without warranty of any kind. Grades are informational and based on the SSL Labs rating methodology; they are not a guarantee of security or compliance. CertControl is not liable for any loss arising from use of the Service.

7. Abuse & contact

We log usage to detect and prevent abuse and may block clients that violate this policy. To report abuse or request that a host be excluded, contact abuse@certcontrol.pro.

Operated by Certiva ApS · CVR 46450965 · certcontrol.pro