Troubleshooting & Tools for Web 🔗

Updated August 2, 2025

Sitemap Generator (XML) 🔗

For Google to quickly and easily identify all of the pages of your website, you will want to make an XML sitemap for Google and other search engines access.

An XML sitemap is a plain text XML file which lists all the most important pages across your website. XML sitemaps can be submitted to Google, Bing, and other major search engines to help them discover, crawl, and index your website more easily and effectively.

The more easily search engines can crawl your website, the more likely your rankings are to improve. Learn more about how Google crawls and indexes your website here.

https://www.sureoak.com/seo-tools/google-xml-sitemap-generator

The GDPR applies to organizations, companies, individuals, corporations, public authorities and other entities — including small businesses, charities and nonprofit organizations — that are either based in the EU, offer goods or services (even for free) to people in the EU, or that monitor the behaviour of people in the EU, either directly or as a third party.

This service allows you to create a privacy & cookie policy in minutes, set-up your cookie banner with prior blocking, easily manage consent, maintain compliant processing records and more.

https://www.iubenda.com/en/gdpr

Is a site legit? 🔗

https://www.islegitsite.com/

HTTP/2, HTTP/3 and HSTS 🔗

Test a website’s HTTP/2 support 🔗

WebsiteCommand-lineExtended information

Go to this website: https://tools.keycdn.com/http2-test

Use this command in a Terminal. You should see a response like HTTP/2 200 if successful.

curl -I --http2 https://mobilitydata.org/

This command will return more information, look for HTTP/3 in the response.

curl -svILk https://www.mobilitydatabase.org

Test a website’s HTTP/3 support 🔗

WebsiteCommand-lineExtended information

Go to this website: https://http3check.net

Use this command in a Terminal. You should see a response like HTTP/3 200 if successful.

curl -I --http3 https://mobilitydata.org/

N.B.: You will need a more recent version of curl than the one that comes with macOS in order to use the --http3 flag. You can install it with Brew: brew install curl.

This command will return more information, look for HTTP/3 in the response.

curl -svILk https://www.mobilitydatabase.org

HSTS (HTTP Strict Transport Security) 🔗

HSTS, or HTTP Strict Transport Security, is a security mechanism that enforces HTTPS connections for a website, protecting against man-in-the-middle attacks. It instructs browsers to automatically convert HTTP requests to HTTPS, preventing insecure connections and cookie hijacking.

Is HSTS enabled?Check HSTS preload status and eligibility

Verify if HSTS is enabled and the browser preloads content only through HTTPS.

https://domsignal.com/hsts-test

This form is used to submit domains for inclusion in Chrome’s HTTP Strict Transport Security (HSTS) preload list. This is a list of sites that are hardcoded into Chrome as being HTTPS only. Most major browsers (Chrome, Firefox, Opera, Safari, IE 11 and Edge) also have HSTS preload lists based on the Chrome list. (See the HSTS compatibility matrix.)

https://hstspreload.org/

SSL / TLS 🔗

SSL (Secure Sockets Layer) and TLS (Transport Layer Security) are cryptographic protocols that provide secure communication channels over a computer network, primarily the internet. While SSL is the older protocol, TLS is its more modern and secure successor. Both protocols are used to encrypt data transmitted between a client (like a web browser) and a server, ensuring confidentiality and integrity of the information exchanged.

Testing the qualityTest a browser’s supportTest a Website’s supprt

This free online service performs a deep analysis of the configuration of any SSL web server on the public Internet.

https://www.ssllabs.com/ssltest/

This shows the SSL/TLS capabilities of a browser.

https://clienttest.ssllabs.com:8443/ssltest/viewMyClient.html

Check the SSL/TLS setup of your server or CDN

https://www.cdn77.com/tls-test/

Enable DoH in a browser 🔗

DNS over HTTPS (DoH) is a network protocol that encrypts and secures Domain Name System (DNS) queries using the HTTPS protocol, hiding them within regular web traffic. By wrapping DNS requests in an encrypted HTTPS connection (on port 443), DoH prevents eavesdropping and manipulation by third parties, enhancing user privacy and security against DNS hijacking and surveillance. Here’s how to enable it (if it’s not already) and test if it’s working properly. It is more widely used and supported than DNS over TLS (DoT).

Enable DoH in Google Chrome 🔗

Select the three-dot menu in your browser > Settings.
Select Privacy and security > Security.
Scroll down and enable Use secure DNS.
Select the With option, and from the drop-down menu choose Cloudflare (1.1.1.1).

Enable DoH in Mozilla Firefox 🔗

Select the menu button > Settings.
In the Privacy & Security menu, scroll down to the Enable secure DNS using: section.
Select Increased Protection or Max Protection. By default, it will use the Cloudflare provider.
If this is not the case, select Cloudflare in the Choose Provider dropdown.

Enable DoH in Brave 🔗

Select the menu button in your browser > Settings.
Select Privacy and security > Security.
Under Advanced, enable Use secure DNS.
From the Select DNS provider drop-down menu, choose Cloudflare (1.1.1.1).

Check if the browser is configured correctly 🔗

Visit 1.1.1.1 help page and check if Using DNS over HTTPS (DoH) shows Yes.

IPv6 🔗

IPv6 is the newest version of the Internet Protocol (IP), designed to succeed IPv4. It offers a significantly larger address space, improved routing and addressing, and better support for features like mobile devices and the Internet of Things.

Checks IPv6 connectivityWebsite accessibility validator

https://ipv6-test.com/

https://ipv6-test.com/validate.php

Catchpoint (site performance test) 🔗

WebPageTest (webpagetest.org) is a free website speed testing tool that allows you to run performance tests from around the globe using real browsers at consumer connection speeds with detailed optimization recommendations. The tool is designed for Front-End, WebOps, and QA teams to build, maintain, and continuously improve website performance, providing detailed reports on core web vitals and various performance metrics. One of its key features is its high configurability, allowing users to select from many different browsers and test locations, with multiple test runs to account for performance variations. This makes it valuable for teams looking to optimize website speed, improve SEO rankings, and enhance user experience across different geographic locations and devices.

It is related but goes beyond the Lighthouse test in Chrome.

https://www.webpagetest.org/

WordPress Security Scan 🔗

Online WordPress Security Scanner to test vulnerabilities of a WordPress installation. Checks include application security, WordPress plugins, hosting environment, and web server.

https://hackertarget.com/wordpress-security-scan/

Nmap Online Port Scanner 🔗

Use Nmap to find open ports on Internet facing systems with this online port scanner.

https://hackertarget.com/nmap-online-port-scanner/

OWASP Web Security Testing Guide 🔗

The Web Security Testing Guide (WSTG) Project produces the premier cybersecurity testing resource for web application developers and security professionals. The WSTG is a comprehensive guide to testing the security of web applications and web services. Created by the collaborative efforts of cybersecurity professionals and dedicated volunteers, the WSTG provides a framework of best practices used by penetration testers and organizations all over the world.

OWASP testing guideOWASP web app scanner for most platforms

https://owasp.org/www-project-web-security-testing-guide/

https://www.zaproxy.org/download/