Open
Cached
·
just now
79/100
SECURITY SCORE
Certificate Information
Subject
C=US, ST=California, L=San Jose, O=Adobe Systems Incorporated, CN=secure2s.scene7.com
Issuer
C=US, O=DigiCert Inc, CN=DigiCert Global G2 TLS RSA SHA256 2020 CA1
Valid From
March 20, 2025
Valid Until
March 19, 2026
59 days
Public Key
ECDSA
256 bit
(P-256)
Adequate
Signature Algorithm
SHA256-RSA
SHA-256 Fingerprint
29:B3:6A:E2:E7:14:B6:8E:71:B2:B3:BC:3B:24:70:61:4E:30:A9:DB:04:CF:3A:BB:F1:30:AD:BA:E9:DB:0A:36
Alternative Names
Security Configuration
TLS Protocols
TLS 1.2
TLS 1.3
Forward Secrecy
Supported
(Modern clients use PFS)
HTTP Security Headers
Status
Strict-Transport-Security
Good
max-age=31536000; includeSubDomains
Content-Security-Policy
Missing
Not configured
X-Frame-Options
Missing
Not configured
X-Content-Type-Options
Missing
Not configured
Referrer-Policy
Missing
Not configured
Permissions-Policy
Missing
Not configured
Recommendations
- • Consider adding 'preload' to HSTS for maximum security
- • Add Content-Security-Policy header to prevent XSS attacks
- • Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
- • Add X-Content-Type-Options: nosniff
- • Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
- • Consider adding Permissions-Policy to control browser features
CAA Records (Certificate Authority Authorization)
CAA Records
Not Configured
(Any CA can issue certificates)
CAA Issues
- • No CAA records configured - any CA can issue certificates
Recommendations
- • Implement CAA records to restrict which CAs can issue certificates for your domain
- • This adds an extra layer of security against unauthorized certificate issuance
- • Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
- • Consider adding 'iodef' record to receive security incident reports
Subject Alternative Names
64 domains
assets.orvis.com
assetlibrary.aetna.com
images.alphatauri.com
assets.assaabloyamericas.com
media.audi.com
static-dm.barcelo.com
media.blackstore.fr
images.blue-tomato.com
media1.blue-tomato.com
media2.blue-tomato.com
media3.blue-tomato.com
media4.blue-tomato.com
media5.blue-tomato.com
media.bricodepot.ro
asset.brilliantbylangham.com
images.business.bt.com
images.crepeerase.com
assets.crowdstrike.com
images.cspire.com
img.davidsbridal.com
assets.dearbornmarket.com
media.diy.com
dm-images.fishersci.com
media.guitarcenter.com
images.happyxnature.com
assets.ext.hpe.com
images.kennametal.com
images.lampsplus.com
images.lennoxpros.com
scene7.lillypulitzer.com
assets.merkle.com
assets.misumi-ec.com
stg0-assets.misumi-ec.com
media.moebel-rogg.de
media.music123.com
media.musicarts.com
dm-assets.navyfederal.org
assets.newyorklife.com
assets.orvistest.com
dev-s7.petco.com
media.direct.playstation.com
assets.priceritemarketplace.com
assets.ray-ban.com
secure2s.scene7.com
media.screwfix.ie
images.shaneco.com
assets.shoprite.com
assets.singaporeair.com
media.sportscheck.com
images.stoneside.com
media.teamviewer.com
assets.teknorapex.com
assets.thefreshgrocer.com
dm-images.thermofisher.com
assets.torrid.com
dynamicmedia.troweprice.com
img.uline.com
imgdev.uline.com
images.uncommonsense.com
images.visualcomfort.com
assets.wakefern.com
adm.assets.westpac.com.au
stage-adm.assets.westpac.com.au
media.wwbw.com
Other domains in certificate