Security Score: 77/100
Certificate Information
Subject: CN=s4-san.cloudinary.com
Issuer: C=BE, O=GlobalSign nv-sa, CN=GlobalSign Atlas R3 DV TLS CA 2025 Q2
Valid From: July 08, 2025
Valid Until: August 09, 2026 (174 days)
Public Key: RSA, 2048 bit (Adequate)
Signature Algorithm: SHA256-RSA
SHA-256 Fingerprint: 4E:F6:84:5E:41:CB:56:7E:E8:19:F6:52:7D:00:FE:49:E4:6E:43:99:CD:88:00:CE:06:72:5D:BF:F8:8D:A5:53
Security Configuration
TLS Protocols: TLS 1.2, TLS 1.3
Forward Secrecy: Supported (Modern clients use PFS)
HTTP Security Headers (Status)
Strict-Transport-Security: Present (max-age=31557600)
Content-Security-Policy: Missing (Not configured)
X-Frame-Options: Missing (Not configured)
X-Content-Type-Options: Missing (Not configured)
Referrer-Policy: Missing (Not configured)
Permissions-Policy: Missing (Not configured)
Recommendations
- Increase HSTS max-age to at least 1 year and add includeSubDomains
- Add Content-Security-Policy header to prevent XSS attacks
- Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
- Add X-Content-Type-Options: nosniff
- Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
- Consider adding Permissions-Policy to control browser features
CAA Records (Certificate Authority Authorization)
CAA Records: Not Configured (Any CA can issue certificates)
CAA Issues
- No CAA records configured; any CA can issue certificates
Recommendations
- Implement CAA records to restrict which CAs can issue certificates for your domain
- This adds an extra layer of security against unauthorized certificate issuance
- Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
- Consider adding 'iodef' record to receive security incident reports
Subject Alternative Names
67 domains