AI ClicksScan · Detect · Secure
Post-Quantum Readiness

Is your TLS ready
for post-quantum?

Classical RSA and EC cryptography will be broken by sufficiently large quantum computers. NIST published the first PQC standards in 2024. This scanner checks where a target site sits on the migration curve.

Run PQC scan Research notes
20+
PQC checks
3
NIST standards
2030
Migration timeline
5–10yr
Threat horizon

What gets checked

Four audit modules, NIST-aligned

TLS Algorithm Audit

  • Protocol: TLSv1.3 / 1.2 / 1.1 / 1.0 detected
  • Cipher suite: AEAD (forward secret) vs legacy RSA key exchange
  • Key bit strength: 256-bit EC vs 2048–4096-bit RSA
  • Classical vs post-quantum algorithm comparison
  • ALPN negotiation: HTTP/2 vs HTTP/1.1
  • HTTP/3 Alt-Svc header detection

Certificate Analysis

  • Chain depth (leaf + intermediates + root)
  • Self-signed certificate detection
  • Subject Alternative Names (SAN) list
  • Signature algorithm: SHA-256/384 with RSA or EC
  • PQC algorithm flag (CRYSTALS-Kyber, Dilithium)
  • Days to expiry: alert if < 30 days

DNSSEC Status

  • RRSIG resource record presence
  • DNSKEY record presence
  • Authenticated Data (AD) flag from resolver
  • Zone signing status per domain label
  • CAA record count and issuer list

PQC Readiness Score

  • TLSv1.3 adoption (prerequisite for Kyber KEM)
  • Certificate key type in NIST PQC shortlist
  • DNSSEC as a DNS integrity layer
  • Multi-year certificate rotation risk
  • Vendor NIST PQC migration timeline flags

NIST PQC timeline

The migration window is narrowing

2022

NIST finalised PQC algorithm candidates: CRYSTALS-Kyber (KEM), CRYSTALS-Dilithium, FALCON, SPHINCS+.

2024

FIPS 203, 204, 205 published. Google Chrome and Cloudflare began Kyber hybrid TLS trials.

2025–26

Browser and CDN adoption accelerates. TLS 1.2 retirement timelines announced by major vendors.

2030 target

NSA CNSA 2.0 requires PQC algorithms for all classified national security systems.

Live scanner

Check any domain's post-quantum readiness posture now.

Quantum Readiness Scan· quantum readiness checks only
Deep scan: Pro plan →
Create free account·Sign in·3 free instant scans left today

Paste a URL above and hit Scan →

Quantum Readiness Scan · Instant scan returns in ~5 seconds

TLS · DMARC · DNSSECAI content detectionBlockchain intelligenceGEO / llms.txt