Free Tool

Website Uptime Checker

Check if any website is online and healthy. Get a full health report covering DNS, SSL, security headers, performance, and content - with grades for each category.

What You Get

Here's an example of the health report this tool provides. Try it above with any website.

A92/100

Website is Up & Healthy

https://example.com — 187ms response time

Category Grades

DNS
A+
98/100
SSL/TLS
A
95/100
Response
A
90/100
Security
B
80/100

Key Findings

TTFB142ms
SSL CertificateValid (287 days)
HSTSEnabled + Preload
Compressiongzip

The uptime checker performs a deep analysis of your website across seven categories. DNS resolution verifies your domain resolves correctly and measures lookup speed. SSL/TLS checks certificate validity, expiry, and protocol version.

Security headers evaluate protection against common web attacks — HSTS, CSP, clickjacking prevention, and more. Performance measures response time, TTFB, content size, and compression. Content health checks that your page has proper HTML structure (title, meta description, favicon) and isn't returning an error page.

How It Works

1

Enter URL

Type any website URL. We'll resolve the domain, follow redirects, and analyze the full response.

2

Deep Health Analysis

We check DNS, SSL, redirects, response time, TTFB, security headers, compression, and page content in parallel.

3

Get Your Report

View grades for each category with detailed explanations. Copy, share, or download the full report.

Website Health Glossary

The terms behind every grade in your health report — without the marketing fluff.

Uptime

Percentage of time a service responds correctly. Three nines = 99.9% (≈ 8.7 hours of downtime per year). Four nines = 99.99% (≈ 52 minutes per year). The number sets your engineering budget — every additional nine costs roughly an order of magnitude more.

TTFB

Time To First Byte. The wall-clock time from request sent to first response byte received. Includes DNS, TCP, TLS, and server processing. A core Web Vitals input — Google considers under 800 ms 'good' and over 1.8 s 'poor'.

HSTS

HTTP Strict Transport Security. A response header that locks the browser to HTTPS for the configured max-age. With the preload directive, your domain ships in browser binaries, so even the first connection is HTTPS.

CSP

Content Security Policy. The most effective in-browser defence against XSS. Restricts which sources can load scripts, styles, frames, and connect-src endpoints. Best deployed in report-only mode first, then enforced.

Core Web Vitals

Google's user-experience metrics that influence ranking. LCP (Largest Contentful Paint) measures load speed; INP (Interaction to Next Paint) measures responsiveness; CLS (Cumulative Layout Shift) measures visual stability. TTFB feeds into LCP.

Compression (gzip / brotli)

Compresses HTTP responses before sending. gzip is universal; brotli is newer and ~15% better for text. Mandatory for HTML, CSS, JS, and JSON. Already-compressed payloads (images, video) should not be double-compressed.

Status page

A public page that reports current operational status. Communicates incidents transparently to users without overwhelming support. exit1.dev includes managed status pages on every plan.

Common Issues That Hurt Your Grade

The findings that drag the overall score down — what each one means and how to fix it.

Connection timeout

Server did not respond in time

Either the host is overloaded, a firewall is dropping packets, or the path is broken. Test with the ping tool to see if TCP can connect at all. If TCP connects but HTTP times out, the application layer is the problem.

DNS resolution failed

Domain does not resolve

NXDOMAIN, SERVFAIL, or no answer. Check that the domain is registered and that nameservers respond. If you just made a change, propagation can take from minutes to 48 hours depending on TTL.

SSL certificate expired

TLS certificate has passed its expiry date

Browsers block the page completely. Renew immediately. The SSL Checker tool shows exact validFrom/validTo and which CA issued the certificate. Modern setups (Let's Encrypt, Caddy, Cloudflare) auto-renew — re-enable it.

5xx server errors

Application is broken

500/502/503/504 mean the server reached you but the app failed. Check application logs and your error tracker. Recent deployments are the most common cause.

Slow TTFB (> 600 ms)

Server is slow to first byte

Hurts perceived performance and Core Web Vitals. Common causes: slow database query on the home page, no CDN, unoptimised render path, or under-provisioned servers. Profile the slow request to find the bottleneck.

Missing HSTS

No HTTPS enforcement

Without HSTS, the first request after typing http:// is vulnerable to a downgrade attack. Add Strict-Transport-Security with at least max-age=31536000 once you are confident in your HTTPS setup.

Missing CSP

No Content Security Policy

CSP is the strongest defence against stored and reflected XSS. Without one, any injected script can run with full page privileges. Start with a report-only policy, watch the violations, then enforce.

No compression

Responses sent uncompressed

Without gzip or brotli, text payloads are 4–10× larger than they should be. Hurts bandwidth costs and load time. Enable at the CDN or origin — almost every server framework supports it with one flag.

Frequently Asked Questions

This tool performs a comprehensive health check on any website. It tests DNS resolution, SSL certificate validity, redirect chains, HTTP response, performance metrics (TTFB, content size, compression), security headers (HSTS, CSP, X-Frame-Options, and more), and content health (title tag, meta description, favicon). Each category receives a grade from A+ to F, plus an overall health score.

Yes, completely free with no signup required. Just enter a URL and get a full health report instantly. There are no daily limits.

TTFB (Time to First Byte) measures how long it takes for your browser to receive the first byte of data from the server after making a request. A fast TTFB (under 200ms) means your server is responding quickly. Slow TTFB can indicate server performance issues, overloaded hosting, or slow database queries. Google uses TTFB as a factor in Core Web Vitals.

Security headers are HTTP response headers that protect your website and visitors from common attacks. Strict-Transport-Security (HSTS) forces HTTPS connections, Content-Security-Policy prevents XSS attacks, X-Frame-Options blocks clickjacking, and X-Content-Type-Options stops MIME-type sniffing. Missing security headers leave your site and users vulnerable to known attack vectors.

HSTS (HTTP Strict Transport Security) is a security header that tells browsers to always connect to your site over HTTPS, even if a user types http://. This prevents protocol downgrade attacks and cookie hijacking. The 'preload' directive goes further by adding your domain to a built-in browser list, so the very first connection is always HTTPS.

The overall grade is an average of all category scores: DNS resolution, SSL/TLS, redirects, response, performance, security headers, and content health. Each category is scored from 0-100 based on specific criteria, then converted to a letter grade (A+ for 95+, A for 90+, B for 80+, C for 70+, D for 60+, F below 60). The overall grade gives you a quick snapshot of your website's health.

Common reasons for low security grades include: missing HSTS header (no HTTPS enforcement), missing Content-Security-Policy (no XSS protection), missing X-Frame-Options (vulnerable to clickjacking), missing X-Content-Type-Options (MIME sniffing risk), not using HTTPS, or using an outdated TLS version. Each missing header reduces your security score.

Yes! exit1.dev offers continuous website and API monitoring with checks every 2 minutes from multiple regions worldwide. You'll get instant alerts via email, Slack, Discord, Microsoft Teams, or webhooks when your site goes down, responds slowly, or has SSL/domain issues. Start free at app.exit1.dev.

Learn More About Website Monitoring

Guides on uptime monitoring, security headers, and website performance.

How to Check If a Website Is Down

Step-by-step guide to verifying outages, checking status codes, and diagnosing server issues.

HTTP Security Headers Explained

Complete checklist of security headers: HSTS, CSP, CORS, and how to implement them.

API Endpoint Monitoring Playbook

Build a comprehensive API monitoring strategy with validation, alerts, and global coverage.

API Observability Automation Toolkit

Automate API monitoring with payload validation, status automation, and incident response.

Last updated · Built and maintained by exit1.dev — uptime, SSL, and domain monitoring with instant alerts.

Need Continuous Uptime Monitoring?

Stop checking manually. exit1.dev monitors your websites 24/7 with checks every 2 minutes from multiple regions. Get instant alerts via email, Slack, Discord, or webhooks when something goes wrong.

Start Free Monitoring
Start Monitoring