DNS Gurus
Cached · just now
95/100 SECURITY SCORE

Certificate Information

Subject
CN=paddle.com
Issuer
C=US, O=Google Trust Services, CN=WE1
Valid From
November 29, 2025
Valid Until
February 27, 2026 43 days
Public Key
ECDSA 256 bit (P-256) Adequate
Signature Algorithm
ECDSA-SHA256
SHA-256 Fingerprint
2E:C9:9A:4B:D4:63:8A:30:86:3A:FE:F9:45:40:0A:3F:F8:F1:32:C1:49:A5:DD:22:39:10:B7:B1:53:C9:59:85
Alternative Names
2 domains

Security Configuration

TLS Protocols
TLS 1.2 TLS 1.3
Forward Secrecy
Supported (Modern clients use PFS)

HTTP Security Headers

Status
Strict-Transport-Security
Excellent
max-age=31536000; includeSubDomains; preload
Content-Security-Policy
Good
default-src; frame-ancestors; base-uri
X-Frame-Options
Excellent
deny
X-Content-Type-Options
Good
nosniff
Referrer-Policy
Good
no-referrer
Permissions-Policy
Present
accelerometer=(),ambient-light-sensor=(),autoplay=(),battery=(),camera=(),display-capture=(),document-domain=(),encrypted-media=(),fullscreen=(),gamepad=(),geolocation=(),gyroscope=(),layout-animations=(self),legacy-image-formats=(self),magnetometer=(),microphone=(),midi=(),oversized-images=(self),payment=(),picture-in-picture=(),publickey-credentials-get=(),screen-wake-lock=(),speaker-selection=(),sync-xhr=(self),unoptimized-images=(self),unsized-media=(self),usb=(),web-share=(),xr-spatial-tracking=()
Recommendations
  • Strengthen CSP by removing 'unsafe-eval'

CAA Records (Certificate Authority Authorization)

CAA Records
Not Configured (Any CA can issue certificates)
CAA Issues
  • No CAA records configured - any CA can issue certificates
Recommendations
  • Implement CAA records to restrict which CAs can issue certificates for your domain
  • This adds an extra layer of security against unauthorized certificate issuance
  • Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
  • Consider adding 'iodef' record to receive security incident reports

Subject Alternative Names

2 domains
paddle.com *.paddle.com