SSL Certificate Analysis for accessories-cdn.euro.dell.com - Security Grade & TLS Configuration

Certificate Information

Subject

C=US, ST=Texas, L=Round Rock, O=Dell Technologies Inc., CN=content-cdn.dell.com

Issuer

C=US, O=DigiCert Inc, CN=DigiCert Global G3 TLS ECC SHA384 2020 CA1

Valid From

August 20, 2025

Valid Until

September 20, 2026 316 days

Public Key

ECDSA 256 bit (P-256) Adequate

Signature Algorithm

ECDSA-SHA384

SHA-256 Fingerprint

20:FE:84:26:D7:B7:FC:79:AB:33:7C:F5:84:51:97:E7:8F:1B:68:47:89:5A:CA:06:6C:1E:35:F9:BA:40:6C:E5

Alternative Names

66 domains

Security Configuration

TLS Protocols

TLS 1.2 TLS 1.3

Forward Secrecy

Supported (Modern clients use PFS)

HTTP Security Headers

Status

Strict-Transport-Security

Missing

Not configured

Content-Security-Policy

Missing

Not configured

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Missing

Not configured

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Add Strict-Transport-Security header with max-age of at least 1 year
• Add Content-Security-Policy header to prevent XSS attacks
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
• Add X-Content-Type-Options: nosniff
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

CAA Records (Certificate Authority Authorization)

CAA Records

Not Configured (Any CA can issue certificates)

CAA Issues

• No CAA records configured - any CA can issue certificates

Recommendations

• Implement CAA records to restrict which CAs can issue certificates for your domain
• This adds an extra layer of security against unauthorized certificate issuance
• Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
• Consider adding 'iodef' record to receive security incident reports

Subject Alternative Names

66 domains

*.dell.com china.dell.com configure-cdn.dell.com content-cdn.dell.com customization-cdn.dell.com ecomm-cdn.dell.com premier-cdn.dell.com search-cdn.dell.com searchapj-cdn.dell.com *.amer.dell.com *.ap.dell.com *.gtie.dell.com *.us.dell.com accessories-cdn.ap.dell.com accessories-cdn.apj.dell.com accessories-cdn.euro.dell.com agilege2pcf.us.dell.com agilesslpcf.us.dell.com app.manage.dell.com configure-cdn.ap.dell.com configure-cdn.apj.dell.com configure-cdn.euro.dell.com configure-cdn.la.dell.com configure-cdn.us.dell.com gql-int.testapis.dell.com gql-staging.testapis.dell.com gql.apis.dell.com search-cdn.ap.dell.com search-cdn.euro.dell.com search-cdn.la.dell.com stage-app.manage.dell.com stage.manage.dell.com test-app.manage.dell.com test.manage.dell.com www.dellcrm.dell.com www.premierhelpdesk.dell.com www1-cdn.ap.dell.com www1-cdn.ca.dell.com www1-cdn.euro.dell.com www1-cdn.jp.dell.com www1-cdn.la.dell.com www1.ap.dell.com www1.euro.dell.com www1.la.dell.com *.g3.ph.dell.com *.pen.apac.dell.com *.xmn.apac.dell.com agent.api.astra-stage.dell.com agent.api.astra.dell.com

Other domains in certificate

uicore.dellcdn.com

vdi.delllabs.net

dellscp.com gs.dellscp.com www.dellscp.com

api.liveoptics-uat.com app.liveoptics-uat.com capi.liveoptics-uat.com dossier.liveoptics-uat.com papi.liveoptics-uat.com www.liveoptics-uat.com

api.liveoptics.com app.liveoptics.com collectorapi.liveoptics.com dossier.liveoptics.com papi.liveoptics.com www.liveoptics.com